{"report_id":"58b2f48d-88c3-4d60-8715-f188f779e12a","version":6,"status":"done","tags":[],"date":"2025-09-01T10:46:04Z","url":{"schema":"http","addr":"aguea.net","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"ip":{"addr":"104.21.45.181","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"aguea.net/","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"title":"Aguea Twitter Web Viewer"},"submit":{"url":{"schema":"http","addr":"aguea.net","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"ip":{"addr":"104.21.45.181","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-06T10:46:04Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-01","alert":"Sinkholed","trigger":"grandeursubtlecol.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-01","alert":"Sinkholed","trigger":"odourtaste.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-01","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-01","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-01","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"weirdopt.com","ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":37519,"first_seen":"2025-07-08T12:55:47.272157Z","last_seen":"2025-08-27T05:03:54.731092Z","alert_count":1,"request_count":1,"received_data":377,"sent_data":412,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"professionaltrafficmonitor.com","ip":{"addr":"3.78.68.13","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2025-01-23","domain_rank":16376,"first_seen":"2025-01-25T08:56:07.448138Z","last_seen":"2025-08-29T14:53:30.388188Z","alert_count":0,"request_count":2,"received_data":836,"sent_data":882,"comment":"","tags":null,"fingerprints":null},{"fqdn":"grandeursubtlecol.com","ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":7,"request_count":7,"received_data":25390,"sent_data":7748,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"odourtaste.com","ip":{"addr":"192.243.59.20","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"domain_registered":"2024-11-17","domain_rank":0,"first_seen":"2025-01-21T07:15:04.04511Z","last_seen":"2025-08-28T20:15:15.955826Z","alert_count":3,"request_count":3,"received_data":170408,"sent_data":1319,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"torchfriendlypay.com","ip":{"addr":"192.243.61.225","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"domain_registered":"2024-09-01","domain_rank":191479,"first_seen":"2025-07-30T13:31:49.539518Z","last_seen":"2025-08-27T16:24:56.203714Z","alert_count":3,"request_count":3,"received_data":79817,"sent_data":1386,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"preferencenail.com","ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":20606,"first_seen":"2025-07-08T12:55:47.271261Z","last_seen":"2025-08-26T21:51:48.445996Z","alert_count":2,"request_count":2,"received_data":171926,"sent_data":814,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"aguea.net","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-05-08","domain_rank":1485381,"first_seen":"2025-07-01T17:09:29.523489Z","last_seen":"2025-07-01T17:09:29.523489Z","alert_count":0,"request_count":11,"received_data":145814,"sent_data":6165,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"flushpersist.com","ip":{"addr":"192.243.61.225","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"domain_registered":"2025-07-01","domain_rank":23810,"first_seen":"2025-07-08T10:43:12.76905Z","last_seen":"2025-08-26T21:51:48.43432Z","alert_count":0,"request_count":2,"received_data":992,"sent_data":1522,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"cdn.storageimagedisplay.com","ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2024-09-13","domain_rank":170153,"first_seen":"2024-09-13T12:56:32Z","last_seen":"2025-08-29T06:56:05.274955Z","alert_count":0,"request_count":2,"received_data":295286,"sent_data":980,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"f401778f0a976006372da71f44e81066","sha1":"24629ad7284fe719b8acb534fbf9d826a9affe88","sha256":"3688ddfea65191fbfe520734c80df44aac93743ebfd7c8f071b0c39cd8c6dc7d","sha512":"13b2bd408fa14f6f428a5304b6826a22ab38e386da303d3b35be20d3198b2707cd79723f1ac3fd0e67fe24fe2a3788e6c9bdb4550c540a9b217c1d1b87bedb15","ssdeep":"","tlshash":"14d023d53c768431529c024a50b5e3dc357031a47bd1a64482cdcc2f5e21ed314f1a5c","size":217,"data":"","first_seen":"2025-09-01T10:46:10.323625Z","last_seen":"2025-09-01T10:46:10.323625Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aguea.net/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4f05f9a38fd3d2cdd3b862e603612b0c","sha1":"b1acab275e8656c041441278accd58398006e11d","sha256":"b8f510db75de879a19a04dc7b8d6482af990b5d69bf7d1bdbfd2f7fce9d4de48","sha512":"5a5db3994dc28cf19dd70f8b334b62ef6e0b946f532110866ca37d654a3863937d0b0975fecaaa9f20c6be5cf13340f1d72ed0ae4930d6be5b428f863b792400","ssdeep":"192:Tp1KKX0rI28xKiK4ss5Wf/QWCv/JVl/X3Uclluf3tXs:V1KKX0sKiK4J5IYjzl/XEmY5s","tlshash":"f42218d7f988e1fec25999f50ebbe4f6114a9e9d21a13e09d21358687e30f40a40ff49","size":9967,"data":"","first_seen":"2025-09-01T10:30:47.008792Z","last_seen":"2025-09-01T10:46:10.311998Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"odourtaste.com/bf85dbb864fe97b2a9bb64a15991a07b/invoke.js","fqdn":"odourtaste.com","domain":"odourtaste.com","tld":"com"},"ip":{"addr":"192.243.59.20","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"introduction_type":"scriptElement","is_inline":false,"md5":"f20d4410a34597e4cabb84b19a897de4","sha1":"5a4a09f9f1d20c9cd4b5f4204cc64c39d3f2f96c","sha256":"2d88732358a675ea99dc4d14486e99dc91f88944fbb03871036ac20efb3198a3","sha512":"030abdb07fbb17b29d4a79ae75353d4865e78f05c198183c36343d839a1ef3f0c3372a68783c0fe498402bfe28f96c0a7668e91620542fcae3737e56d36db54b","ssdeep":"768:5dAJfLHRgMJ0/57czwG4ZuraJEOlhPm7x:+LHRaaMw1x","tlshash":"43d2d7eb7f10b3bc129b9473263f440ae3391c02f5c8c75dd976d6952a9c30a897a6d8","size":31064,"data":"","first_seen":"2025-09-01T10:46:10.315152Z","last_seen":"2025-09-01T10:46:10.315152Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aguea.net/","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"042003d69d82c7a94ff0e9b8c22138b8","sha1":"714418ac5fc0828ee10378bd1a2e9d0b594b2dc4","sha256":"f42dc9d558b13585aa952f7da97f52c79edf4b9d875d2a5a9c53a9c09bba0e13","sha512":"223f0f7073e5eb96d70c6de03eecb2ace9af24078cdaefa3f6cc6668618a8e75221f59e919c8d0d66593a67e3d3eb2c2bcce85c34923f96564d9b0e791b42755","ssdeep":"","tlshash":"3ef0dca53cc88039833611227233f29872692a287849ac21c15d889228aadfc187f50c","size":468,"data":"","first_seen":"2025-07-26T19:36:31.973397Z","last_seen":"2026-04-01T21:25:32.181517Z","times_seen":17,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aguea.net/","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"165ccb7acdba8dad14df8404b047a080","sha1":"881d49b0532585c20619cb212a93387c2f741a2e","sha256":"1713aec70ec80d6f2e9c2d28085a65bac6628ba6781d8361f901a1e8113b2315","sha512":"6c38230e9ed9e12aabd0c55900b790b3f903888b6a4bec5732d5f319e4441e5e836f8ba4ba1985237f11ece186970c5abf2d8a96dd6bfa1b194f09f518f815e9","ssdeep":"","tlshash":"ff11dcb53a1a2534c685418b317ee7a93d3220617a02a084c36ccc299918e8314efdbe","size":902,"data":"","first_seen":"2025-09-01T10:46:10.32609Z","last_seen":"2025-09-01T10:46:10.32609Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85386,"data":"","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/9c/5d/14/9c5d14453d6b11cdec5b98e5ce5af0dc.js","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.61.225","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"introduction_type":"scriptElement","is_inline":false,"md5":"a524ecfbd97124fd2e9c3f6ad371ca23","sha1":"a281b89a51cfe367f92816be50eba55ccc0eaee6","sha256":"5549a01f3d1c788c8e44dc8a54e5c9103880b5608d3b44e0a0ea4ebd124dc18f","sha512":"dbfa06ea3faf0b6451668b8634e61e52c71ac098f26b08551cac54344128a205b2378e56953102dda758aa63fab8ed1e22c3a74eda39a154caff8f2b6b3bdee5","ssdeep":"96:WhmlSzNzYF4RWz3qVeBYJ2gzAKAYaR/tCP/KZhWAEGo:SmAz+60BSF81RM3KZoGo","tlshash":"b1a1618e3f81b4ac069270372f3f6e0ef13a5c55195ad4d8d202a0a47f28a39d4b6b55","size":5080,"data":"","first_seen":"2025-08-06T23:31:31.906679Z","last_seen":"2025-09-26T10:32:45.122277Z","times_seen":4581,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grandeursubtlecol.com/53/23/86/5323869a8beda1d7db01e9c875b2f49f.js","fqdn":"grandeursubtlecol.com","domain":"grandeursubtlecol.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"a524ecfbd97124fd2e9c3f6ad371ca23","sha1":"a281b89a51cfe367f92816be50eba55ccc0eaee6","sha256":"5549a01f3d1c788c8e44dc8a54e5c9103880b5608d3b44e0a0ea4ebd124dc18f","sha512":"dbfa06ea3faf0b6451668b8634e61e52c71ac098f26b08551cac54344128a205b2378e56953102dda758aa63fab8ed1e22c3a74eda39a154caff8f2b6b3bdee5","ssdeep":"96:WhmlSzNzYF4RWz3qVeBYJ2gzAKAYaR/tCP/KZhWAEGo:SmAz+60BSF81RM3KZoGo","tlshash":"b1a1618e3f81b4ac069270372f3f6e0ef13a5c55195ad4d8d202a0a47f28a39d4b6b55","size":5080,"data":"","first_seen":"2025-08-06T23:31:31.906679Z","last_seen":"2025-09-26T10:32:45.122277Z","times_seen":4581,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85386,"data":"","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/fb/f7/c0/fbf7c04e669126c400d669cb6e625736.js","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.61.225","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"introduction_type":"scriptElement","is_inline":false,"md5":"ba6c29abbd003f4f2e7c3a7e739d5856","sha1":"73c2e53510830237603d13fe4c78bdf07ca3d243","sha256":"d2426622f87c50d8ed2868d6882a1c31a261847344a29170269d7629a92f4ca5","sha512":"f639090eae4a13513aa80b069c59a46cf7e93ce1fa4f5eca469abdbaa438226780175676809e462431348d46081ecf8b07e252001299a2c09339fd1dadebfa9a","ssdeep":"768:Y2bnYsmTSkqw648+QhS8u+Jcj/XcdNjN5mOdY08kUbTehzbcepwOf:Y2bngq4x5O+jvc9dY0U3f4","tlshash":"a063d7483f91b27802e6b8fa712fa61af0265c1195d8e0d8f503f4ddae66719f035f25","size":72595,"data":"","first_seen":"2025-09-01T10:46:10.32116Z","last_seen":"2025-09-01T10:46:10.32116Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"odourtaste.com/86/be/1b/86be1b57d34beb8211a61a0fb677dce0.js","fqdn":"odourtaste.com","domain":"odourtaste.com","tld":"com"},"ip":{"addr":"192.243.59.20","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"introduction_type":"scriptElement","is_inline":false,"md5":"a2eb549efbcc9062a8008716d4444725","sha1":"7f1ae8b78c8d1b2956e3f8b71752f6d6afce4083","sha256":"8e9e6320700bf76f063ffedb319c0894fb1aee5f93eff60a995c2a498aa0fa09","sha512":"12e09d7d9c4e8fce918d901ba2749b6dfe509b0804dc5ea2d8678e8d5f6850c9d0a37ace506a5ff05fb5dad28ab288371d340be34891b9fdf77d98ad83345447","ssdeep":"1536:dxIEKRqXVJi5sbaeBvat/xp1P2PNrdMCC2cevmiwB/BDMCGS5Y:0KVJi5s7ahxp521rcuZwHoj","tlshash":"b0a3a8487f90fcbe02566033663f951bf1aa0e415958c988d11afdb42a3c31bfa3da75","size":105890,"data":"","first_seen":"2025-09-01T10:46:10.316124Z","last_seen":"2025-09-01T10:46:10.316124Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"odourtaste.com/bf85dbb864fe97b2a9bb64a15991a07b/invoke.js","fqdn":"odourtaste.com","domain":"odourtaste.com","tld":"com"},"ip":{"addr":"192.243.59.20","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"introduction_type":"scriptElement","is_inline":false,"md5":"07526de38aad93279acc2b79c4882b83","sha1":"c5403c5d3dae8092d6f8b56f4e7cc0fb4e90d64a","sha256":"d2497f9da28f1036c793bc7bba0cd2bd847cf050d14a09f6741c13576a74b9f8","sha512":"b6f27578f6ae60930e6f23a98671e69cfd538bfed3696f36f7eda899b72585ad448cda6bae29d938c0c90b1665741990db9d5283827ce8df5c62fc18210942aa","ssdeep":"768:5dAJfLHRgGJo/57czwG6ZuraJEOlhPm7d:+LHRiaM01d","tlshash":"b4d2d7db7f10b3bd129b9473263f440ae3391c02f5c8c75dd976d6952a8c30b896a6e8","size":31036,"data":"","first_seen":"2025-09-01T10:46:10.31717Z","last_seen":"2025-09-01T10:46:10.31717Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"aguea.net/","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-01T10:45:40.636Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aguea.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 06 Jul 2025 03:14:38 GMT","end":"Sat, 04 Oct 2025 04:12:16 GMT"},"fingerprint":{"sha1":"B2:CE:C1:73:5A:0E:34:54:98:16:9D:91:34:3C:03:47:75:E0:E5:68","sha256":"2D:8D:27:FA:6C:BA:D0:C6:95:07:31:90:AB:0D:C3:F8:86:A1:38:10:32:C8:A0:FE:9D:F2:F6:63:15:91:14:46"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: aguea.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Sep 2025 10:45:40 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=31536000\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NFljcNEMdnPKgcRHO6UH4e9b2b5WnR7nEyupufGbzsAzawYzcBE6n6pwpTGIpibbQz7lCBDlmtitULE4Dw6jCH2Lfw4yHJk%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 97842df12cc7b50b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9280,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (928), with CRLF line terminators","md5":"f89084b0cb9bc9d068ce7706dea48a54","sha1":"97b234bc43f0e39d3a0acc20583ce929e8ea9161","sha256":"0ff0b2ea0725d9edfba7b0fc755d47fc2d6a5f90db7b0b49fd7803cb193a2d30","sha512":"1a8a1ea289859e07a92d00a5f6630f0e846bbcaf7a0c47a6b3942d82cb49367bb817458f7a45a6ff8523d679b075a77a3a8667b88e45e7ec4b20d8dc7420b600","ssdeep":"96:oS7JibGK6YTjVx8cIdr4vl8cIdr4G+6DAe9sfL9Y1EbASzGjcTGT0rnx/IH:v7JNK9TZCcIRumcIRT+Q9u9YrSZnx/q","tlshash":"1a12a4765b80402966b362a89362231ef753811bcb87c920b5ed96a3cff5d90ccd394e","first_seen":"2025-09-01T10:46:10.304314Z","last_seen":"2025-09-01T10:46:10.304314Z","times_seen":1,"resource_available":false,"data":null}},"time_used":146,"timings":{"blocked":29,"dns":9,"connect":1,"send":0,"wait":86,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"professionaltrafficmonitor.com/stats","fqdn":"professionaltrafficmonitor.com","domain":"professionaltrafficmonitor.com","tld":"com"},"ip":{"addr":"3.78.68.13","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://aguea.net/","date":"2025-09-01T10:45:41.775Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"protrafficinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 01 Jul 2025 00:00:00 GMT","end":"Thu, 30 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"5D:D5:8D:EB:A4:50:13:0D:7C:33:71:82:B8:02:49:4F:D6:31:B6:E6","sha256":"49:03:4C:2C:1B:23:D8:D6:CB:AE:F0:54:61:99:C2:20:F4:FF:87:5E:0B:72:B1:6B:D8:AB:21:49:2D:F2:EC:4A"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: professionaltrafficmonitor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://aguea.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Sep 2025 10:45:41 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://aguea.net\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=d29d3e31-a428-4b8e-8b25-f940d5c79a29:1:1; expires=Thu, 30 Aug 2035 10:45:41 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"10181900e530d045f49242d74bcbc83e","sha1":"ec474a5dc9aa3348acc077297b5c03b9a7e59d67","sha256":"95e3a52a4edefc8abfaa31888e48c144acecdf1bfc200f78cad6527e0549ee3f","sha512":"518fd4dbfbfed666aa53ccc4115b285eae25c3c3f90591d6643b9653f9cce7a74aa33d29bd747e1c2382d5d180650cfaf2d6c83a038b92bacc5c0f9d93e5c766","ssdeep":"","tlshash":"a390045153003151074c3c0c054103d1151d31540c733104cd01d310310033d70d415c","first_seen":"2025-09-01T10:46:10.305456Z","last_seen":"2025-09-01T10:46:10.305456Z","times_seen":1,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aguea.net/cdn-cgi/challenge-platform/h/b/jsd/r/0.9025720295938765:1756719534:HrhENSHeGTGO_1GMqNXl_zDAYQtnA3gFSLbSCgU8NHQ/97842df12cc7b50b","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://aguea.net/","date":"2025-09-01T10:45:42.141Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aguea.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 06 Jul 2025 03:14:38 GMT","end":"Sat, 04 Oct 2025 04:12:16 GMT"},"fingerprint":{"sha1":"B2:CE:C1:73:5A:0E:34:54:98:16:9D:91:34:3C:03:47:75:E0:E5:68","sha256":"2D:8D:27:FA:6C:BA:D0:C6:95:07:31:90:AB:0D:C3:F8:86:A1:38:10:32:C8:A0:FE:9D:F2:F6:63:15:91:14:46"}}},"request":{"raw":"POST /cdn-cgi/challenge-platform/h/b/jsd/r/0.9025720295938765:1756719534:HrhENSHeGTGO_1GMqNXl_zDAYQtnA3gFSLbSCgU8NHQ/97842df12cc7b50b HTTP/1.1\r\nHost: aguea.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 12066\r\nOrigin: https://aguea.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nCookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=d29d3e31-a428-4b8e-8b25-f940d5c79a29%3A1%3A1; pp_main_86be1b57d34beb8211a61a0fb677dce0=1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 01 Sep 2025 10:45:42 GMT\r\ncontent-type: text/plain; charset=UTF-8\r\ncontent-length: 0\r\npriority: u=3,i=?0\r\nserver: cloudflare\r\nset-cookie: cf_clearance=BLs3P9FZeQ963kR9xYm14yga_QyzyDuhfczlPXTLrq4-1756723542-1.2.1.1-PH4FCUe99mYByk93LLPQtGsoeYz6rkNfF5Qr2cCv_ftFgADQq4pgjapRyx6zzb317B3okuE06uMj8AzVK_vj46jNMQRDY3gE428DLPuAf.JnEMzDkxblY1ZqAanL6qTYzT2gBJuk.wghjqiKS8cAQQ2BZ45A6F3u6s1QzPUnNX_JwDFqAaJkyQkIExKc1Fxd682_j9x9yJjf4OW_QxJ4NinOP2Deyb4I_gHJ78TriTk; HttpOnly; SameSite=None; Partitioned; Secure; Path=/; Domain=aguea.net; Expires=Tue, 01 Sep 2026 10:45:42 GMT\r\ncf-ray: 97842dfa5fdd8be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T01:09:43.978719Z","times_seen":16160175,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aguea.net/favicon-16x16.png","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aguea.net/","date":"2025-09-01T10:45:42.576Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aguea.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 06 Jul 2025 03:14:38 GMT","end":"Sat, 04 Oct 2025 04:12:16 GMT"},"fingerprint":{"sha1":"B2:CE:C1:73:5A:0E:34:54:98:16:9D:91:34:3C:03:47:75:E0:E5:68","sha256":"2D:8D:27:FA:6C:BA:D0:C6:95:07:31:90:AB:0D:C3:F8:86:A1:38:10:32:C8:A0:FE:9D:F2:F6:63:15:91:14:46"}}},"request":{"raw":"GET /favicon-16x16.png HTTP/1.1\r\nHost: aguea.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nCookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=d29d3e31-a428-4b8e-8b25-f940d5c79a29%3A1%3A1; pp_main_86be1b57d34beb8211a61a0fb677dce0=1; cf_clearance=BLs3P9FZeQ963kR9xYm14yga_QyzyDuhfczlPXTLrq4-1756723542-1.2.1.1-PH4FCUe99mYByk93LLPQtGsoeYz6rkNfF5Qr2cCv_ftFgADQq4pgjapRyx6zzb317B3okuE06uMj8AzVK_vj46jNMQRDY3gE428DLPuAf.JnEMzDkxblY1ZqAanL6qTYzT2gBJuk.wghjqiKS8cAQQ2BZ45A6F3u6s1QzPUnNX_JwDFqAaJkyQkIExKc1Fxd682_j9x9yJjf4OW_QxJ4NinOP2Deyb4I_gHJ78TriTk; m5a4xojbcp2nx3gptmm633qal3gzmadn=grandeursubtlecol.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 01 Sep 2025 10:45:42 GMT\r\ncontent-type: image/png\r\ncontent-length: 608\r\nserver: cloudflare\r\nlast-modified: Fri, 09 May 2025 17:39:03 GMT\r\netag: \"681e3db7-260\"\r\nexpires: Sun, 28 Sep 2025 07:22:59 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\nage: 271363\r\ncf-cache-status: HIT\r\npriority: u=6,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7xA5D4KWVWsJAVFeUidmqLb8wSLvS5AEcruHY0eS80EE6yniPrn19NbCuqnjJmVTXXyvs06Bzmth7XcIwt80AvnNK%2BHcK1d9Sg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 97842dfd1e3b8be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":608,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced","md5":"994e6528e3dec09c6195e07e4c49a70d","sha1":"484fbccb880578ca39b987f04711e1f69b0c00c3","sha256":"e058dd2d81cff54eae43d3a462f7057a0f13f40beb2b062dc7628b4fe123a6ed","sha512":"ca559e33e8a449b7d21f14af85fcdf2282e3ce561627d2b923cfd44215ed476b3b6c3f7e1a29f48a286bbd82d8a5aefe0e6b09a7da55f3537539cac1363732e0","ssdeep":"","tlshash":"80f0b755c64bd42c2f5c2655e6b0f0005e0572cc054ae5cf3e0fa2bde20612e0f31047","first_seen":"2025-07-26T19:36:31.875155Z","last_seen":"2026-05-11T00:16:12.013226Z","times_seen":18,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aguea.net/cdn-cgi/challenge-platform/scripts/jsd/main.js","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aguea.net/","date":"2025-09-01T10:45:41.763Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aguea.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 06 Jul 2025 03:14:38 GMT","end":"Sat, 04 Oct 2025 04:12:16 GMT"},"fingerprint":{"sha1":"B2:CE:C1:73:5A:0E:34:54:98:16:9D:91:34:3C:03:47:75:E0:E5:68","sha256":"2D:8D:27:FA:6C:BA:D0:C6:95:07:31:90:AB:0D:C3:F8:86:A1:38:10:32:C8:A0:FE:9D:F2:F6:63:15:91:14:46"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1\r\nHost: aguea.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 302 Found\r\ndate: Mon, 01 Sep 2025 10:45:41 GMT\r\ncontent-length: 0\r\nlocation: /cdn-cgi/challenge-platform/h/b/scripts/jsd/4710d66e8fda/main.js?\r\ncache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public\r\naccess-control-allow-origin: *\r\npriority: u=3,i=?0\r\nserver: cloudflare\r\ncf-ray: 97842df7fad28be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9967,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T01:09:43.978719Z","times_seen":16160175,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grandeursubtlecol.com/ren.gif?sid=H4sIAAAAAAAC_4RTTYgcRRuu2YTv8H2HT0U8iIc55KDgzvbf_LQ5BGOMRGMSkmgOIUhVV_VsZWu62qrq6dkFRRMIOY54MZ56npnsJhokHsSLgkwEkYDgeNpD9uLdixDQk_TuwurJF_r9eZ5ueN6fvjEpdkiIgm6fe1NvSKXoSrvlNZ-_JDOuS9s8c7Hpey3vaPOSzDrR0eaodmb4kh9GLe-F5msiWdMrged7nu_5zZPSiFSPVnZZyPxe7LdirxUFLb8dYWT-WdtiCZYugQ93yFOQfPH_X9PLkMkc2eD-CWHXnM5ffHVQKOq0wZBvvZWtZbrMMDhIU9NAmm3tvw1tF4R8sgSdbe13AD2c1R2AyQVZeuYRWLa1LxNseHtPKVMQGRj_H8rhHELNIekcib4OyX8mQMJx5iyyweYZbUq6vsfSml2Qw49_hywX5PCjp5ENvjiu5Kh5QavCSZ1ZjNIKcjSH7M-RF3O4jSXI8gESdw2S_0RWHp9GNpidtUpD8u0jPIh5KEJ_mUZBbzliPbHcY0F7OY0jj7eTbkyDeHdEMp2D2gaK-pENFGkDRd7AgG83I68XJT4NO2nMk64X0SjignlxL_A8GiddFEmtfQyXj5GoMRJzYzPnq25tOHOmELMiS-zEv7MHRfEuuFmDUTzx7xXv5Crohu0g8sOJv30kUyJhaa_NGet1olTEXRbQmLFORP12HPvU67K7l9tRN_JC_wpy8-EdHnZFyJJowrAmxzDFd7CrFSxvwDqCIa9QCoLSEpSUoJQEpSMoh9Vtrmxgq02ubMH8_Rjsx7Caatef0Nva9UVGQM0Yhlczmb9rryNxh6YbqeVTXTvKXDWljFeTfIc8Wa-yMblyBWtiu_lvzcDKCtIu7S5gQy7I63_8glwuyH8eXwOjD2DVAyTyOdDCBy0r0NUKG9ld2i8EbWXCgesKuTsMt96YqB3y7O4lXbjxG0Ty8NjoY_fN1ff_RGIq5KbCVfk9QV_dnJ7XJZmd16UlX57NnRzIDVpf2QVHnTj02RtivdSGnzphx3dfTmqiTu9dFNadphmXWd-Sz49LzoU5qU0iyLen7CXBzhV29XhhsiI_fe6Vk6cGuRHWSp3NQeWCkFv3kcgFeeKH93b_oNbXY0gzhykqDIqHZN-Q5B_A5gfarSYw6oBneQNlUU1NwA5AJQmUOKgpq2D_VrODfGpo_TWV1cTeRN80QN11ZIMKQ1NhqCpQNYYt_jt1uXl47MdbtX0KphpTpkxjxpRRH-2N2MrtZjtgYafX64i0w9OQh0HI47Yn4ojGnSiO2nB2sfrV-tt_BQAA__-Dly4-HwUAAA==","fqdn":"grandeursubtlecol.com","domain":"grandeursubtlecol.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aguea.net/","date":"2025-09-01T10:45:42.471Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grandeursubtlecol.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Thu, 14 Aug 2025 11:30:23 GMT","end":"Wed, 12 Nov 2025 11:30:22 GMT"},"fingerprint":{"sha1":"D2:DC:04:F3:99:F7:CC:F9:16:AB:27:0E:65:08:90:79:F5:A1:EA:8A","sha256":"20:71:D7:42:17:00:0F:0F:E0:97:1B:B0:FE:CD:06:B8:18:76:AE:06:7E:60:04:28:C1:CD:51:70:3C:61:C9:EA"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_4RTTYgcRRuu2YTv8H2HT0U8iIc55KDgzvbf_LQ5BGOMRGMSkmgOIUhVV_VsZWu62qrq6dkFRRMIOY54MZ56npnsJhokHsSLgkwEkYDgeNpD9uLdixDQk_TuwurJF_r9eZ5ueN6fvjEpdkiIgm6fe1NvSKXoSrvlNZ-_JDOuS9s8c7Hpey3vaPOSzDrR0eaodmb4kh9GLe-F5msiWdMrged7nu_5zZPSiFSPVnZZyPxe7LdirxUFLb8dYWT-WdtiCZYugQ93yFOQfPH_X9PLkMkc2eD-CWHXnM5ffHVQKOq0wZBvvZWtZbrMMDhIU9NAmm3tvw1tF4R8sgSdbe13AD2c1R2AyQVZeuYRWLa1LxNseHtPKVMQGRj_H8rhHELNIekcib4OyX8mQMJx5iyyweYZbUq6vsfSml2Qw49_hywX5PCjp5ENvjiu5Kh5QavCSZ1ZjNIKcjSH7M-RF3O4jSXI8gESdw2S_0RWHp9GNpidtUpD8u0jPIh5KEJ_mUZBbzliPbHcY0F7OY0jj7eTbkyDeHdEMp2D2gaK-pENFGkDRd7AgG83I68XJT4NO2nMk64X0SjignlxL_A8GiddFEmtfQyXj5GoMRJzYzPnq25tOHOmELMiS-zEv7MHRfEuuFmDUTzx7xXv5Crohu0g8sOJv30kUyJhaa_NGet1olTEXRbQmLFORP12HPvU67K7l9tRN_JC_wpy8-EdHnZFyJJowrAmxzDFd7CrFSxvwDqCIa9QCoLSEpSUoJQEpSMoh9Vtrmxgq02ubMH8_Rjsx7Caatef0Nva9UVGQM0Yhlczmb9rryNxh6YbqeVTXTvKXDWljFeTfIc8Wa-yMblyBWtiu_lvzcDKCtIu7S5gQy7I63_8glwuyH8eXwOjD2DVAyTyOdDCBy0r0NUKG9ld2i8EbWXCgesKuTsMt96YqB3y7O4lXbjxG0Ty8NjoY_fN1ff_RGIq5KbCVfk9QV_dnJ7XJZmd16UlX57NnRzIDVpf2QVHnTj02RtivdSGnzphx3dfTmqiTu9dFNadphmXWd-Sz49LzoU5qU0iyLen7CXBzhV29XhhsiI_fe6Vk6cGuRHWSp3NQeWCkFv3kcgFeeKH93b_oNbXY0gzhykqDIqHZN-Q5B_A5gfarSYw6oBneQNlUU1NwA5AJQmUOKgpq2D_VrODfGpo_TWV1cTeRN80QN11ZIMKQ1NhqCpQNYYt_jt1uXl47MdbtX0KphpTpkxjxpRRH-2N2MrtZjtgYafX64i0w9OQh0HI47Yn4ojGnSiO2nB2sfrV-tt_BQAA__-Dly4-HwUAAA== HTTP/1.1\r\nHost: grandeursubtlecol.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nCookie: pdhtkv=true; uncs=2; pdhtkv49=true; uncs49=2; u_pl27352413=1; nlecbf85dbb864fe97b2a9bb64a15991a07b=[5474031,5474030]; uid_id2=d29d3e31-a428-4b8e-8b25-f940d5c79a29:1:1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 01 Sep 2025 10:45:42 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: grandeursubtlecol.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 361e5af4d90a01042752ac82c971ab69\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T01:09:43.978719Z","times_seen":16160175,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-01","alert":"Sinkholed","trigger":"grandeursubtlecol.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"aguea.net/fonts/fontello.woff2?21002321","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://aguea.net/","date":"2025-09-01T10:45:41.656Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aguea.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 06 Jul 2025 03:14:38 GMT","end":"Sat, 04 Oct 2025 04:12:16 GMT"},"fingerprint":{"sha1":"B2:CE:C1:73:5A:0E:34:54:98:16:9D:91:34:3C:03:47:75:E0:E5:68","sha256":"2D:8D:27:FA:6C:BA:D0:C6:95:07:31:90:AB:0D:C3:F8:86:A1:38:10:32:C8:A0:FE:9D:F2:F6:63:15:91:14:46"}}},"request":{"raw":"GET /fonts/fontello.woff2?21002321 HTTP/1.1\r\nHost: aguea.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/css/fontello.css?v=2\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 01 Sep 2025 10:45:41 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 4772\r\nserver: cloudflare\r\nlast-modified: Fri, 09 May 2025 17:40:58 GMT\r\netag: \"681e3e2a-12a4\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iybC%2F6uFB7EBAWXE%2BvJyxyYh6jQDtHFyKWuBex8xRcVv5Zm8YWC1UrBlA76Fm9sjUltgtF4BkVw3BeJOGMdwPhI7hath4mqFtQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 97842df759858be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4772,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 4772, version 1.0","md5":"c7c6d67a9322dcab85f7214751ad977a","sha1":"7d90727a9d50c80ca327daad9355eac60d908f07","sha256":"554419ffc747f420efc1cbd2ac6bd9c31253fce1f04c0890111e3592645ac57b","sha512":"f57a36fefa3b9396c0353515a2034e298986686632e7d9c5c7d3e3ba6ea9b6351916abf854455acc2738a072b52dde2b7564e6144762c6ef6e2fa850fbb24903","ssdeep":"96:yvyF/sFNOg1qJOtCqlhsUjb4ZvYyiINO7L4Al6A2fA/2jG6RNI5pspwO:yvV71qiCqXsUjbovsI2L4Qk4uG+NupMp","tlshash":"faa18e827c7fb6b7e7b600fe0b79f4d8ae46308c4a0b019895e1866e93f0260465d133","first_seen":"2023-06-13T08:47:53Z","last_seen":"2026-01-08T16:17:29.414817Z","times_seen":36,"resource_available":false,"data":null}},"time_used":42,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":41,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grandeursubtlecol.com/ren.gif?sid=H4sIAAAAAAAC_1RSz2skxR-tzi7fw9eDPxAP4mGOCjLpnumZTLuHxbhGojGJm9UcZA9VXd2T2vR0tVXV05MBJWxg2eMsXlxPNW-SDauLrAfxoiATQSQgOJ5y2Fz8AzwIAT1JJwOjH-jPj35V8N771J1hfkrqyOnJ-ruyL5KEzjeqbuXlTZFyWejK6o2K51bdK5VNkTb9K5VemVT3Na_uV91XKm9F4bacr7me63quV1kSKoplb_4chcgeBV41cKt-reo1fPTUf2edO9DUAe-ekucg-OTp3-MPIcIx0s7ja5HeNjJ79c1OnlAjFbr88P10O5VFis6sjZWDOD2cnobUE0I-m4NMD6cKILv7pQIwMSFzLzwBSw-nNMG6BxdMWYIoBeNPoeiOESVjCDpGKPcg-K8ECDlW15B2HqxKVdCdC5SW6IRcPvsTopiQy0-eR9r5ajERvcqGTHIjZKrRiy1EbwzRHiPLj2D6cxDFEUJzG4L_QubPVpB29td0IiG4PVcv4jGodpCXn3CQxw7yzEGHn1R8t-WHHq0344CHC65PfZ9HzA1aNdelQbiAPCxpDWCyAcJkgFDtIlO72BYDqPwH6C0LzR1oMyHOe7vocosiIig0QUEJCkFQGIKiaw94omvaPuCJzpk3rbVprduRNO0hPZCmHaUEVA2guN0X2Ud6D6G5NOrHmo9kmSgzdkQZt8PslDxbuuYMb97EdnRSYXGrwRlrNf04ChZYjQaMNX3qNYLAo-4CgxYWQs-dG9IXE_L2X78hExPyv7PbYPQIOjlCKF4CzT3QwoJuWfTTh7SdR7SaRgZcWmTmMsyOM0xOyYvnS9u48wei8Phq71Pz3a1P_kaoLDJlcUv8SNBO7o6uy4LsX5eFJl-vZUZ0RJ-WC90w1ESXvngn2imk4svX9ODh62EJlO2jG5E2KzTlIm1r8uWi4DxSS1KFEfl-WW9GbD3XW4u5SvNsZf2NpeVOpiKthUzHoGJCyP3HCMWEPPPTx-ePtfrtPQg1hsotOvkxmQbCbBc6m3HXkkAlM5xlDorcjlSNzX4mgiCJZjNlFvpfM5v1I0XL21TYob6LtnJAzR7SjkVXWXQTC5oMoPP_j0ymjq_-fL-Mz8ESZ8QS5eyzRCX3LizW4qTSqLF6s9VqRnGTx3Ver9V50HCjwKdB0w_8BoyebH2z88E_AQAA__-w458IigQAAA==","fqdn":"grandeursubtlecol.com","domain":"grandeursubtlecol.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aguea.net/","date":"2025-09-01T10:45:42.315Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grandeursubtlecol.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Thu, 14 Aug 2025 11:30:23 GMT","end":"Wed, 12 Nov 2025 11:30:22 GMT"},"fingerprint":{"sha1":"D2:DC:04:F3:99:F7:CC:F9:16:AB:27:0E:65:08:90:79:F5:A1:EA:8A","sha256":"20:71:D7:42:17:00:0F:0F:E0:97:1B:B0:FE:CD:06:B8:18:76:AE:06:7E:60:04:28:C1:CD:51:70:3C:61:C9:EA"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSz2skxR-tzi7fw9eDPxAP4mGOCjLpnumZTLuHxbhGojGJm9UcZA9VXd2T2vR0tVXV05MBJWxg2eMsXlxPNW-SDauLrAfxoiATQSQgOJ5y2Fz8AzwIAT1JJwOjH-jPj35V8N771J1hfkrqyOnJ-ruyL5KEzjeqbuXlTZFyWejK6o2K51bdK5VNkTb9K5VemVT3Na_uV91XKm9F4bacr7me63quV1kSKoplb_4chcgeBV41cKt-reo1fPTUf2edO9DUAe-ekucg-OTp3-MPIcIx0s7ja5HeNjJ79c1OnlAjFbr88P10O5VFis6sjZWDOD2cnobUE0I-m4NMD6cKILv7pQIwMSFzLzwBSw-nNMG6BxdMWYIoBeNPoeiOESVjCDpGKPcg-K8ECDlW15B2HqxKVdCdC5SW6IRcPvsTopiQy0-eR9r5ajERvcqGTHIjZKrRiy1EbwzRHiPLj2D6cxDFEUJzG4L_QubPVpB29td0IiG4PVcv4jGodpCXn3CQxw7yzEGHn1R8t-WHHq0344CHC65PfZ9HzA1aNdelQbiAPCxpDWCyAcJkgFDtIlO72BYDqPwH6C0LzR1oMyHOe7vocosiIig0QUEJCkFQGIKiaw94omvaPuCJzpk3rbVprduRNO0hPZCmHaUEVA2guN0X2Ud6D6G5NOrHmo9kmSgzdkQZt8PslDxbuuYMb97EdnRSYXGrwRlrNf04ChZYjQaMNX3qNYLAo-4CgxYWQs-dG9IXE_L2X78hExPyv7PbYPQIOjlCKF4CzT3QwoJuWfTTh7SdR7SaRgZcWmTmMsyOM0xOyYvnS9u48wei8Phq71Pz3a1P_kaoLDJlcUv8SNBO7o6uy4LsX5eFJl-vZUZ0RJ-WC90w1ESXvngn2imk4svX9ODh62EJlO2jG5E2KzTlIm1r8uWi4DxSS1KFEfl-WW9GbD3XW4u5SvNsZf2NpeVOpiKthUzHoGJCyP3HCMWEPPPTx-ePtfrtPQg1hsotOvkxmQbCbBc6m3HXkkAlM5xlDorcjlSNzX4mgiCJZjNlFvpfM5v1I0XL21TYob6LtnJAzR7SjkVXWXQTC5oMoPP_j0ymjq_-fL-Mz8ESZ8QS5eyzRCX3LizW4qTSqLF6s9VqRnGTx3Ver9V50HCjwKdB0w_8BoyebH2z88E_AQAA__-w458IigQAAA== HTTP/1.1\r\nHost: grandeursubtlecol.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27352413=1; nlecbf85dbb864fe97b2a9bb64a15991a07b=[5474031]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 01 Sep 2025 10:45:42 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 0\r\nHost: grandeursubtlecol.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: c6b753c7d7ec15261311939ce3537ed1\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T01:09:43.978719Z","times_seen":16160175,"resource_available":true,"data":null}},"time_used":94,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":94,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-01","alert":"Sinkholed","trigger":"grandeursubtlecol.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flushpersist.com/pxf.gif?uuid=d29d3e31-a428-4b8e-8b25-f940d5c79a29\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=86be1b57d34beb8211a61a0fb677dce0\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=10","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"192.243.61.225","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aguea.net/","date":"2025-09-01T10:45:42.596Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flushpersist.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 Aug 2025 21:53:17 GMT","end":"Fri, 28 Nov 2025 21:53:16 GMT"},"fingerprint":{"sha1":"AA:2A:FC:C2:EE:01:8F:55:3F:19:46:84:4A:C8:A0:95:62:50:5C:A3","sha256":"3D:8C:1A:2E:1F:32:30:D4:D8:4F:D2:FB:CC:99:F1:9C:05:E5:7B:D8:9D:7D:24:86:AD:C5:1E:62:55:44:A4:CA"}}},"request":{"raw":"GET /pxf.gif?uuid=d29d3e31-a428-4b8e-8b25-f940d5c79a29\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=86be1b57d34beb8211a61a0fb677dce0\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=10 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 01 Sep 2025 10:45:42 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: e5012698d018e34907f0a1502fb9728e\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T01:09:43.978719Z","times_seen":16160175,"resource_available":true,"data":null}},"time_used":665,"timings":{"blocked":282,"dns":1,"connect":93,"send":0,"wait":95,"receive":1,"ssl":190},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grandeursubtlecol.com/ntv.json?key=bf85dbb864fe97b2a9bb64a15991a07b\u0026vstc=1\u0026uuid=d29d3e31-a428-4b8e-8b25-f940d5c79a29%3A1%3A1\u0026custom=%7B%22d37e3bc4%22%3A%22b%22%7D\u0026rb=","fqdn":"grandeursubtlecol.com","domain":"grandeursubtlecol.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://aguea.net/","date":"2025-09-01T10:45:42.306Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grandeursubtlecol.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Thu, 14 Aug 2025 11:30:23 GMT","end":"Wed, 12 Nov 2025 11:30:22 GMT"},"fingerprint":{"sha1":"D2:DC:04:F3:99:F7:CC:F9:16:AB:27:0E:65:08:90:79:F5:A1:EA:8A","sha256":"20:71:D7:42:17:00:0F:0F:E0:97:1B:B0:FE:CD:06:B8:18:76:AE:06:7E:60:04:28:C1:CD:51:70:3C:61:C9:EA"}}},"request":{"raw":"GET /ntv.json?key=bf85dbb864fe97b2a9bb64a15991a07b\u0026vstc=1\u0026uuid=d29d3e31-a428-4b8e-8b25-f940d5c79a29%3A1%3A1\u0026custom=%7B%22d37e3bc4%22%3A%22b%22%7D\u0026rb= HTTP/1.1\r\nHost: grandeursubtlecol.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://aguea.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27352413=1; nlecbf85dbb864fe97b2a9bb64a15991a07b=[5474031]\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 01 Sep 2025 10:45:42 GMT\r\nContent-Type: application/json\r\nContent-Length: 3392\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://aguea.net\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=d29d3e31-a428-4b8e-8b25-f940d5c79a29:1:1; expires=Mon, 08 Sep 2025 10:45:42 GMT; path=/; secure; SameSite=None\nuncs=2; expires=Tue, 02 Sep 2025 10:45:42 GMT; path=/; secure; SameSite=None\nuncs49=2; expires=Tue, 02 Sep 2025 10:45:42 GMT; path=/; secure; SameSite=None\nnlecbf85dbb864fe97b2a9bb64a15991a07b=[5474031,5474030]; expires=Mon, 01 Sep 2025 10:45:47 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 16\r\nHost: grandeursubtlecol.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 8f86f0625d4563d190f17bf19dfb1f68\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":4364,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"618d4d107f8d960c5455a63d5f358230","sha1":"8797fe2803b213826fec5a68835b135f2fc23f25","sha256":"f01d70d0263741b0abffc2b09f9a16560013704def51349ff28e93b24163a354","sha512":"4b1b5f1d8ad471c0996e529cdaecfa0d93aee93c919afad7d0059736137bd1a4aa4d5501edd99862bfe69d37a4d0d72759d7073df71fbec0e785f5efb4ab77ff","ssdeep":"96:vhdr8tiP3nMY3SQwUizdNAZTWx1tri9etha3IWDp+mkgrEI2OyGptnyzG:vhdCKv3SQpaNTdDO3bnkgwI5XR","tlshash":"65915c60845c41642f596deb4d1f4af61e492317e7c8f880417d91294c372aeedd8946","first_seen":"2025-09-01T10:46:10.308584Z","last_seen":"2025-09-01T10:46:10.308584Z","times_seen":1,"resource_available":false,"data":null}},"time_used":114,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":113,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-01","alert":"Sinkholed","trigger":"grandeursubtlecol.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flushpersist.com/pxf.gif?uuid=d29d3e31-a428-4b8e-8b25-f940d5c79a29\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=fbf7c04e669126c400d669cb6e625736\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=10","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"192.243.61.225","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aguea.net/","date":"2025-09-01T10:45:42.599Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flushpersist.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 Aug 2025 21:53:17 GMT","end":"Fri, 28 Nov 2025 21:53:16 GMT"},"fingerprint":{"sha1":"AA:2A:FC:C2:EE:01:8F:55:3F:19:46:84:4A:C8:A0:95:62:50:5C:A3","sha256":"3D:8C:1A:2E:1F:32:30:D4:D8:4F:D2:FB:CC:99:F1:9C:05:E5:7B:D8:9D:7D:24:86:AD:C5:1E:62:55:44:A4:CA"}}},"request":{"raw":"GET /pxf.gif?uuid=d29d3e31-a428-4b8e-8b25-f940d5c79a29\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=fbf7c04e669126c400d669cb6e625736\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=10 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 01 Sep 2025 10:45:42 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 3b5e1eb72d86df3c6570d82210983853\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T01:09:43.978719Z","times_seen":16160175,"resource_available":true,"data":null}},"time_used":664,"timings":{"blocked":280,"dns":1,"connect":93,"send":0,"wait":98,"receive":0,"ssl":189},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aguea.net/css/style.css?v=19","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://aguea.net/","date":"2025-09-01T10:45:41.038Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aguea.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 06 Jul 2025 03:14:38 GMT","end":"Sat, 04 Oct 2025 04:12:16 GMT"},"fingerprint":{"sha1":"B2:CE:C1:73:5A:0E:34:54:98:16:9D:91:34:3C:03:47:75:E0:E5:68","sha256":"2D:8D:27:FA:6C:BA:D0:C6:95:07:31:90:AB:0D:C3:F8:86:A1:38:10:32:C8:A0:FE:9D:F2:F6:63:15:91:14:46"}}},"request":{"raw":"GET /css/style.css?v=19 HTTP/1.1\r\nHost: aguea.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 01 Sep 2025 10:45:41 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Fri, 09 May 2025 17:40:56 GMT\r\nvary: Accept-Encoding\r\netag: \"681e3e28-8606\"\r\nexpires: Mon, 01 Sep 2025 13:52:10 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nage: 32010\r\ncf-cache-status: HIT\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mmormjCDIY3wzSv0xLh04zTjs%2FmMFhz0X3vNcC5JZuU6Ad9oOWxnU%2FlU7spdUO9VIWIo4hWVACpUXXALSAN1iyNVUAQJjJuAbg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 97842df368948be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":34310,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"86415018b703d90576c8037391b07104","sha1":"0f8d8ec26fd8940f38b9fa6a92b998368b599ca7","sha256":"2c46bc2fbaeb3c37e2d176ba0174d26231bdd08bccdb189b5f66e487c7256745","sha512":"168dea5d953c599081ef24fb0a27cdd037c08c76718529869c53950d3cfbf29337bae493e0f077bcbf3210309b8915a4cb61f1f3bd2cd4cbeb6ecb0f0006d404","ssdeep":"768:X3R8gF2B6/oFBdiUucd2FnFO8NyFglFSNwpFhfFJXG9FhvlhcZDpFurNnF1CfUXW:Xh8gcBrLdiUtcV48NyEASpbfq9PvzcZD","tlshash":"07f276938bb112a4b437a2183a976b8873565003d50fceb87ed4610cdfcd5d975e2bca","first_seen":"2025-07-26T19:36:31.897335Z","last_seen":"2025-10-25T09:24:38.765216Z","times_seen":4,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aguea.net//fonts/fontello.woff2?21002321","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://aguea.net/","date":"2025-09-01T10:45:41.042Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aguea.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 06 Jul 2025 03:14:38 GMT","end":"Sat, 04 Oct 2025 04:12:16 GMT"},"fingerprint":{"sha1":"B2:CE:C1:73:5A:0E:34:54:98:16:9D:91:34:3C:03:47:75:E0:E5:68","sha256":"2D:8D:27:FA:6C:BA:D0:C6:95:07:31:90:AB:0D:C3:F8:86:A1:38:10:32:C8:A0:FE:9D:F2:F6:63:15:91:14:46"}}},"request":{"raw":"GET //fonts/fontello.woff2?21002321 HTTP/1.1\r\nHost: aguea.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://aguea.net/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 01 Sep 2025 10:45:41 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 4772\r\nserver: cloudflare\r\nlast-modified: Fri, 09 May 2025 17:40:58 GMT\r\netag: \"681e3e2a-12a4\"\r\nstrict-transport-security: max-age=31536000\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=S1O2M%2F6PgmkrMRtuprCVg9F3rysBb5%2B%2FCqjPYKt0FMHOdxQn879VH3zQaCjG8GEAnnUA6Hx%2FhI8hXugrRxke8gOKp1SfF3B25A%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 97842df378978be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4772,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 4772, version 1.0","md5":"c7c6d67a9322dcab85f7214751ad977a","sha1":"7d90727a9d50c80ca327daad9355eac60d908f07","sha256":"554419ffc747f420efc1cbd2ac6bd9c31253fce1f04c0890111e3592645ac57b","sha512":"f57a36fefa3b9396c0353515a2034e298986686632e7d9c5c7d3e3ba6ea9b6351916abf854455acc2738a072b52dde2b7564e6144762c6ef6e2fa850fbb24903","ssdeep":"96:yvyF/sFNOg1qJOtCqlhsUjb4ZvYyiINO7L4Al6A2fA/2jG6RNI5pspwO:yvV71qiCqXsUjbovsI2L4Qk4uG+NupMp","tlshash":"faa18e827c7fb6b7e7b600fe0b79f4d8ae46308c4a0b019895e1866e93f0260465d133","first_seen":"2023-06-13T08:47:53Z","last_seen":"2026-01-08T16:17:29.414817Z","times_seen":36,"resource_available":false,"data":null}},"time_used":76,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":76,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"professionaltrafficmonitor.com/stats","fqdn":"professionaltrafficmonitor.com","domain":"professionaltrafficmonitor.com","tld":"com"},"ip":{"addr":"3.78.68.13","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://aguea.net/","date":"2025-09-01T10:45:41.630Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"protrafficinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 01 Jul 2025 00:00:00 GMT","end":"Thu, 30 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"5D:D5:8D:EB:A4:50:13:0D:7C:33:71:82:B8:02:49:4F:D6:31:B6:E6","sha256":"49:03:4C:2C:1B:23:D8:D6:CB:AE:F0:54:61:99:C2:20:F4:FF:87:5E:0B:72:B1:6B:D8:AB:21:49:2D:F2:EC:4A"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: professionaltrafficmonitor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://aguea.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Sep 2025 10:45:41 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://aguea.net\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=99d649c0-39b7-45ea-83fa-a4214bac83e6:1:1; expires=Thu, 30 Aug 2035 10:45:41 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"fe9386a23035a957945ba728683dbc25","sha1":"11446fd26e6ee77099aea67ecbfc516263e15712","sha256":"b1952310678d7e8595d3e84f1bf60ba06810e84e1ac6dd81443dfac117426ac5","sha512":"df9d3653d26c005eac8a1cab01450210d18e60ce1726215648e2d3915f3a2d440e3794fe86f5ba2a7ded895070375b3939a2f02fb0d0a658bcd8c92c9f8ba719","ssdeep":"","tlshash":"c89004155451c45543147153100d70145445c47d4d0530105405dd57401031c0c70f41","first_seen":"2025-09-01T10:46:10.310469Z","last_seen":"2025-09-01T10:46:10.310469Z","times_seen":1,"resource_available":false,"data":null}},"time_used":319,"timings":{"blocked":145,"dns":35,"connect":21,"send":0,"wait":21,"receive":0,"ssl":93},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grandeursubtlecol.com/53/23/86/5323869a8beda1d7db01e9c875b2f49f.js","fqdn":"grandeursubtlecol.com","domain":"grandeursubtlecol.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aguea.net/","date":"2025-09-01T10:45:41.777Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grandeursubtlecol.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Thu, 14 Aug 2025 11:30:23 GMT","end":"Wed, 12 Nov 2025 11:30:22 GMT"},"fingerprint":{"sha1":"D2:DC:04:F3:99:F7:CC:F9:16:AB:27:0E:65:08:90:79:F5:A1:EA:8A","sha256":"20:71:D7:42:17:00:0F:0F:E0:97:1B:B0:FE:CD:06:B8:18:76:AE:06:7E:60:04:28:C1:CD:51:70:3C:61:C9:EA"}}},"request":{"raw":"GET /53/23/86/5323869a8beda1d7db01e9c875b2f49f.js HTTP/1.1\r\nHost: grandeursubtlecol.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 01 Sep 2025 10:45:42 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 2570\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: grandeursubtlecol.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 8bba7fad4d4aa97e22b6a234502f3480\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5080,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (5080), with no line terminators","md5":"a524ecfbd97124fd2e9c3f6ad371ca23","sha1":"a281b89a51cfe367f92816be50eba55ccc0eaee6","sha256":"5549a01f3d1c788c8e44dc8a54e5c9103880b5608d3b44e0a0ea4ebd124dc18f","sha512":"dbfa06ea3faf0b6451668b8634e61e52c71ac098f26b08551cac54344128a205b2378e56953102dda758aa63fab8ed1e22c3a74eda39a154caff8f2b6b3bdee5","ssdeep":"96:WhmlSzNzYF4RWz3qVeBYJ2gzAKAYaR/tCP/KZhWAEGo:SmAz+60BSF81RM3KZoGo","tlshash":"b1a1618e3f81b4ac069270372f3f6e0ef13a5c55195ad4d8d202a0a47f28a39d4b6b55","first_seen":"2025-08-06T23:31:31.906679Z","last_seen":"2025-09-26T10:32:45.122277Z","times_seen":4581,"resource_available":true,"data":null}},"time_used":706,"timings":{"blocked":303,"dns":27,"connect":91,"send":0,"wait":94,"receive":1,"ssl":186},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-01","alert":"Sinkholed","trigger":"grandeursubtlecol.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"aguea.net/cdn-cgi/challenge-platform/h/b/scripts/jsd/4710d66e8fda/main.js?","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aguea.net/","date":"2025-09-01T10:45:41.784Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aguea.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 06 Jul 2025 03:14:38 GMT","end":"Sat, 04 Oct 2025 04:12:16 GMT"},"fingerprint":{"sha1":"B2:CE:C1:73:5A:0E:34:54:98:16:9D:91:34:3C:03:47:75:E0:E5:68","sha256":"2D:8D:27:FA:6C:BA:D0:C6:95:07:31:90:AB:0D:C3:F8:86:A1:38:10:32:C8:A0:FE:9D:F2:F6:63:15:91:14:46"}}},"request":{"raw":"GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/4710d66e8fda/main.js? HTTP/1.1\r\nHost: aguea.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 01 Sep 2025 10:45:41 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public\r\nx-content-type-options: nosniff\r\npriority: u=3,i=?0\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 97842df82b408be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9967,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (9967), with no line terminators","md5":"4f05f9a38fd3d2cdd3b862e603612b0c","sha1":"b1acab275e8656c041441278accd58398006e11d","sha256":"b8f510db75de879a19a04dc7b8d6482af990b5d69bf7d1bdbfd2f7fce9d4de48","sha512":"5a5db3994dc28cf19dd70f8b334b62ef6e0b946f532110866ca37d654a3863937d0b0975fecaaa9f20c6be5cf13340f1d72ed0ae4930d6be5b428f863b792400","ssdeep":"192:Tp1KKX0rI28xKiK4ss5Wf/QWCv/JVl/X3Uclluf3tXs:V1KKX0sKiK4J5IYjzl/XEmY5s","tlshash":"f42218d7f988e1fec25999f50ebbe4f6114a9e9d21a13e09d21358687e30f40a40ff49","first_seen":"2025-09-01T10:30:47.008792Z","last_seen":"2025-09-01T10:46:10.311998Z","times_seen":2,"resource_available":true,"data":null}},"time_used":6,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/si/96/8c/a9/968ca96c6ec6d68895fc74f04956403c/1723680009.png","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aguea.net/","date":"2025-09-01T10:45:42.323Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 10 Jul 2025 02:33:11 GMT","end":"Wed, 08 Oct 2025 02:33:10 GMT"},"fingerprint":{"sha1":"06:D8:07:0F:AB:BF:D8:7F:C5:38:82:AC:A7:8A:20:4D:83:6C:EA:C9","sha256":"CF:05:58:46:C3:07:3F:B6:A6:8D:42:F2:3B:3D:91:36:93:10:CB:D5:89:47:A3:62:26:D2:F3:BA:AC:51:0E:B7"}}},"request":{"raw":"GET /si/96/8c/a9/968ca96c6ec6d68895fc74f04956403c/1723680009.png HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Sep 2025 10:45:42 GMT\r\ncontent-type: image/png\r\ncontent-length: 146537\r\nserver: nginx/1.21.6\r\nlast-modified: Thu, 15 Aug 2024 00:00:10 GMT\r\netag: \"66bd450a-23c69\"\r\nexpires: Wed, 03 Sep 2025 10:45:42 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: ah0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146537,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 320 x 240, 8-bit/color RGBA, non-interlaced","md5":"1f2136906f3dbb2445c9c5d81b318a26","sha1":"c654f1728ac8e463d05f6ad898e758ce7e60c680","sha256":"db25c6f2b7fd65d8fcb54e70f4c65473a46a61576bac351f324ca79c99224330","sha512":"b8a2c580dcbd91ce84a0b0c7a3daa3063ab434973c6bb46f8647cab33553ade9bcf7089c0919a1e6855c35faa53d07f78c21cbcd1b325b1545aa34706d8eec9c","ssdeep":"3072:uX1rPUPNaFn/Kk/r7jS5DZAakRvnjCmRr2aANQpPXKtO:8jWy/lD7ODAhWaiQpL","tlshash":"29e312fd8f24c17481a6a7626085aa6fdea4c21846f994fe05c8631ffc5f219f38c660","first_seen":"2024-12-23T03:33:29.529981Z","last_seen":"2025-09-22T09:24:18.282012Z","times_seen":348,"resource_available":false,"data":null}},"time_used":159,"timings":{"blocked":24,"dns":1,"connect":19,"send":0,"wait":38,"receive":48,"ssl":25},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"grandeursubtlecol.com/ren.gif?sid=H4sIAAAAAAAC_1RSzYscxRuu3oTf4efBD8SDeJiDBwV3tr_mo80hGGMkGneXbHQPkkNVV_VsZXu62qru6dkBJWYh5DjBi_HU88xu1miQeBAvCjIriCwIjqc9ZC_-AR6EBT1J7w6MvtDv-z79VMHzPm_dHuVHxENOD1ffUQMZx3SpUbdrL63LhKvC1Jav1Ry7bp-rrcuk6Z-r9auke686nl-3X669KcJNteTajm07tlO7JLWIVH_phIVMHwZOPbDrvlt3Gj76-r_Y5BYMtcB7R-QZSD598vfofchwgqT76KIwm5lKX3mjm8c0Uxo9vvduspmoIkF33kbaQpTszU5DmSkhny5AJXuzCaB6O9UEYHJKFp57DJbszWSC9XZPlbIYIgHjT6DoTSDiCSSdIFTbkPxXAoQcyytIuveXlS7o1ilLK3ZKzh7_CVlMydnHzyLpfnUhlv3amorzTKrEoB-VkP0JZGeCNN9HNliALPYRZrcg-S9k6fgKku7OiokVJD98kbsB94TnLFLfbS_6rC0W28xtLEaBb_NG2AqoG5xYJKMJqLGQV5-0kEcW8tRClx_WfLvthw71mlHAw5btU9_ngtlB27VtGoQt5GGlfYgsHSKMhwj1TaT648-51xIeC_0Rw6YcQuc_wGyUMNyCyQh6vEQhCApDUFCCQhIUGUHRK3d5bFxT3uexyZkzq-6seuVYZZ0R3VVZRyQEVA-hebkj0w_MNsLszHgQGT5WVaIsK8eU8XKUHpGnK4et0fXr2BSHNRa1G5yxdtOPRNBiLg0Ya_rUaQSBQ-0Wg5ElpFk48WUgp-Stv35DKqfkf8e3wOg-TLyPUL4AmjugRQm6UWKQPKCdXNB6IjJwVSLNziLbskbxEXn-ZMFrt_-ACA_O9z_Jvrvx0d8IdYlUl7ghfyToxHfGV1VBdq6qwpCvV9JMduWAVstfy2gmznzxttgqlOaXL5rhg9fCiqjah9eEya7QhMukY8iXFyTnQl9SOhTk-8tmXbDV3GxcyHWSp1dWX790uZtqYYxUyQRUTgm59wihnJKnfvrw5GHXv70LqSfQeYlufkBmgTC9CZPOtRtFoOM5z1ILRV6OtcvmP2NJEIs5pqyE-Rdm836saXWbynJk7qCjLdBsG0m3RE-X6MUlaDyEyf8_zlJ9cP7ne1V8BhZbYxZra4fFOr57arGRh7WGy7xmu90UUZNHHvdcjwcNWwQ-DZp-4DeQmenGN1vv_RMAAP__NhDwYbYEAAA=","fqdn":"grandeursubtlecol.com","domain":"grandeursubtlecol.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aguea.net/","date":"2025-09-01T10:45:42.344Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grandeursubtlecol.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Thu, 14 Aug 2025 11:30:23 GMT","end":"Wed, 12 Nov 2025 11:30:22 GMT"},"fingerprint":{"sha1":"D2:DC:04:F3:99:F7:CC:F9:16:AB:27:0E:65:08:90:79:F5:A1:EA:8A","sha256":"20:71:D7:42:17:00:0F:0F:E0:97:1B:B0:FE:CD:06:B8:18:76:AE:06:7E:60:04:28:C1:CD:51:70:3C:61:C9:EA"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSzYscxRuu3oTf4efBD8SDeJiDBwV3tr_mo80hGGMkGneXbHQPkkNVV_VsZXu62qru6dkBJWYh5DjBi_HU88xu1miQeBAvCjIriCwIjqc9ZC_-AR6EBT1J7w6MvtDv-z79VMHzPm_dHuVHxENOD1ffUQMZx3SpUbdrL63LhKvC1Jav1Ry7bp-rrcuk6Z-r9auke686nl-3X669KcJNteTajm07tlO7JLWIVH_phIVMHwZOPbDrvlt3Gj76-r_Y5BYMtcB7R-QZSD598vfofchwgqT76KIwm5lKX3mjm8c0Uxo9vvduspmoIkF33kbaQpTszU5DmSkhny5AJXuzCaB6O9UEYHJKFp57DJbszWSC9XZPlbIYIgHjT6DoTSDiCSSdIFTbkPxXAoQcyytIuveXlS7o1ilLK3ZKzh7_CVlMydnHzyLpfnUhlv3amorzTKrEoB-VkP0JZGeCNN9HNliALPYRZrcg-S9k6fgKku7OiokVJD98kbsB94TnLFLfbS_6rC0W28xtLEaBb_NG2AqoG5xYJKMJqLGQV5-0kEcW8tRClx_WfLvthw71mlHAw5btU9_ngtlB27VtGoQt5GGlfYgsHSKMhwj1TaT648-51xIeC_0Rw6YcQuc_wGyUMNyCyQh6vEQhCApDUFCCQhIUGUHRK3d5bFxT3uexyZkzq-6seuVYZZ0R3VVZRyQEVA-hebkj0w_MNsLszHgQGT5WVaIsK8eU8XKUHpGnK4et0fXr2BSHNRa1G5yxdtOPRNBiLg0Ya_rUaQSBQ-0Wg5ElpFk48WUgp-Stv35DKqfkf8e3wOg-TLyPUL4AmjugRQm6UWKQPKCdXNB6IjJwVSLNziLbskbxEXn-ZMFrt_-ACA_O9z_Jvrvx0d8IdYlUl7ghfyToxHfGV1VBdq6qwpCvV9JMduWAVstfy2gmznzxttgqlOaXL5rhg9fCiqjah9eEya7QhMukY8iXFyTnQl9SOhTk-8tmXbDV3GxcyHWSp1dWX790uZtqYYxUyQRUTgm59wihnJKnfvrw5GHXv70LqSfQeYlufkBmgTC9CZPOtRtFoOM5z1ILRV6OtcvmP2NJEIs5pqyE-Rdm836saXWbynJk7qCjLdBsG0m3RE-X6MUlaDyEyf8_zlJ9cP7ne1V8BhZbYxZra4fFOr57arGRh7WGy7xmu90UUZNHHvdcjwcNWwQ-DZp-4DeQmenGN1vv_RMAAP__NhDwYbYEAAA= HTTP/1.1\r\nHost: grandeursubtlecol.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27352413=1; nlecbf85dbb864fe97b2a9bb64a15991a07b=[5474031]; uid_id2=d29d3e31-a428-4b8e-8b25-f940d5c79a29:1:1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 01 Sep 2025 10:45:42 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: grandeursubtlecol.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: ebe491d8e7cbb659f5266c7866e07f90\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T01:09:43.978719Z","times_seen":16160175,"resource_available":true,"data":null}},"time_used":143,"timings":{"blocked":47,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-01","alert":"Sinkholed","trigger":"grandeursubtlecol.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/si/e3/fe/5d/e3fe5d9c947fc63c4f611ff952cc0c27/1723680007.png","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aguea.net/","date":"2025-09-01T10:45:42.478Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 10 Jul 2025 02:33:11 GMT","end":"Wed, 08 Oct 2025 02:33:10 GMT"},"fingerprint":{"sha1":"06:D8:07:0F:AB:BF:D8:7F:C5:38:82:AC:A7:8A:20:4D:83:6C:EA:C9","sha256":"CF:05:58:46:C3:07:3F:B6:A6:8D:42:F2:3B:3D:91:36:93:10:CB:D5:89:47:A3:62:26:D2:F3:BA:AC:51:0E:B7"}}},"request":{"raw":"GET /si/e3/fe/5d/e3fe5d9c947fc63c4f611ff952cc0c27/1723680007.png HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 01 Sep 2025 10:45:42 GMT\r\ncontent-type: image/png\r\ncontent-length: 148047\r\nserver: nginx/1.21.6\r\nlast-modified: Thu, 15 Aug 2024 00:00:09 GMT\r\netag: \"66bd4509-2424f\"\r\nexpires: Wed, 03 Sep 2025 10:45:42 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: ah0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":148047,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 320 x 240, 8-bit/color RGBA, non-interlaced","md5":"9e78e667e70a61f520b72b037ab6c574","sha1":"be19430b97835edc1778bfdf4856342eb75837b2","sha256":"ff12f12c7e8bab231a396118ec50a7aad9d176d0b776929554af094f5a4d1546","sha512":"2a22b06b1a9f1ce04c452a92bddcba5553d528152133e3ab7cd4d00cf52173545022080ce598bda86413ad2162af254e7a659dd54359761f1220c3b5550b27b6","ssdeep":"3072:OM0DJlnyu84z0G5Amgn+W0dZoz8lrEQneF8yE1DYwM+eA+GXPwPo3N1SgCXYPHmE:gDjyu8eAtyZqQQ4JvXPMKggXPm81","tlshash":"e0e312b62a730775a40a92ed96a6c03b019f1fe10860541fc7409e572dfef8b516efb2","first_seen":"2024-08-21T10:19:04.46524Z","last_seen":"2025-09-22T08:44:52.84854Z","times_seen":286,"resource_available":false,"data":null}},"time_used":37,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":20,"receive":17,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aguea.net/logo.png","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aguea.net/","date":"2025-09-01T10:45:41.046Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aguea.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 06 Jul 2025 03:14:38 GMT","end":"Sat, 04 Oct 2025 04:12:16 GMT"},"fingerprint":{"sha1":"B2:CE:C1:73:5A:0E:34:54:98:16:9D:91:34:3C:03:47:75:E0:E5:68","sha256":"2D:8D:27:FA:6C:BA:D0:C6:95:07:31:90:AB:0D:C3:F8:86:A1:38:10:32:C8:A0:FE:9D:F2:F6:63:15:91:14:46"}}},"request":{"raw":"GET /logo.png HTTP/1.1\r\nHost: aguea.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 01 Sep 2025 10:45:41 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Fri, 09 May 2025 17:39:03 GMT\r\nvary: Accept-Encoding\r\netag: W/\"681e3db7-bfea\"\r\nexpires: Sun, 28 Sep 2025 07:41:34 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nage: 270246\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZR3apXnKaWtjOKICoBXd5R1N%2BqcGE7cy6dCTD32b6OBfPkRMaDsu8hhiLAqDfw1x0zP4aegCuNsByPFcC7qQX7a4lGm%2FYvPAXQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 97842df378a48be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":49130,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 500 x 500, 8-bit/color RGBA, non-interlaced","md5":"831d5a8f163bc7344ec385be01f50cf0","sha1":"33a352556853a67d2c5d5374fac4aa2e698db5a2","sha256":"43260b1ba4a6d3ad579b138788b1c8124c7a99433c87a9b0add56e9bbf81dfd1","sha512":"e42ae3fd3bdb2e10cd084933faa921ce67113dfb533f6b3bbf13072e02e9ee31f79d8ddbf912292313c3590ed1c432a8b500c0ad8b3e04fa92bafe964eb3c31e","ssdeep":"768:pEg5Qu3u1ypFyHHEPT9GHdPXCjIFfrz09W/mTvrkMyDLcgKZ9tF:poD1MFy8T9Yd6WP0wArbUcfZ9tF","tlshash":"6a23e104dd5885214656e0919be74a20ef12ceb459bab29030bfed8fe823f71ad4bcc5","first_seen":"2025-07-26T19:36:31.855293Z","last_seen":"2025-12-05T22:28:10.02545Z","times_seen":15,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"odourtaste.com/bf85dbb864fe97b2a9bb64a15991a07b/invoke.js","fqdn":"odourtaste.com","domain":"odourtaste.com","tld":"com"},"ip":{"addr":"192.243.59.20","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aguea.net/","date":"2025-09-01T10:45:41.635Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"odourtaste.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Wed, 16 Jul 2025 22:31:04 GMT","end":"Tue, 14 Oct 2025 22:31:03 GMT"},"fingerprint":{"sha1":"03:11:16:76:76:0D:E8:49:0C:F4:09:05:CA:47:1D:31:89:46:DC:F2","sha256":"23:23:33:96:F9:E1:E7:77:61:E2:8D:C6:25:07:90:E3:4D:76:B3:D7:41:F4:F4:EC:53:0F:95:97:B3:7B:5A:C1"}}},"request":{"raw":"GET /bf85dbb864fe97b2a9bb64a15991a07b/invoke.js HTTP/1.1\r\nHost: odourtaste.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Mon, 01 Sep 2025 10:45:41 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 12498\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: odourtaste.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 24a29bd2f1cefa092a1f5737d8ab798a\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":31064,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (31062), with no line terminators","md5":"f20d4410a34597e4cabb84b19a897de4","sha1":"5a4a09f9f1d20c9cd4b5f4204cc64c39d3f2f96c","sha256":"2d88732358a675ea99dc4d14486e99dc91f88944fbb03871036ac20efb3198a3","sha512":"030abdb07fbb17b29d4a79ae75353d4865e78f05c198183c36343d839a1ef3f0c3372a68783c0fe498402bfe28f96c0a7668e91620542fcae3737e56d36db54b","ssdeep":"768:5dAJfLHRgMJ0/57czwG4ZuraJEOlhPm7x:+LHRaaMw1x","tlshash":"43d2d7eb7f10b3bc129b9473263f440ae3391c02f5c8c75dd976d6952a9c30a897a6d8","first_seen":"2025-09-01T10:46:10.315152Z","last_seen":"2025-09-01T10:46:10.315152Z","times_seen":1,"resource_available":true,"data":null}},"time_used":98,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":97,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-01","alert":"Sinkholed","trigger":"odourtaste.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"weirdopt.com/ad/advertisers.js","fqdn":"weirdopt.com","domain":"weirdopt.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aguea.net/","date":"2025-09-01T10:45:41.760Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"weirdopt.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 Aug 2025 00:07:02 GMT","end":"Sat, 29 Nov 2025 00:07:01 GMT"},"fingerprint":{"sha1":"AD:4F:15:9E:60:62:A7:16:BA:4B:37:64:C6:01:6B:2B:99:47:89:BE","sha256":"44:74:EA:98:35:48:9C:28:63:20:61:17:18:F6:2B:0A:57:68:36:F4:EF:B0:67:1E:C0:7C:41:30:13:2C:02:F1"}}},"request":{"raw":"GET /ad/advertisers.js HTTP/1.1\r\nHost: weirdopt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 01 Sep 2025 10:45:41 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 0\r\nConnection: keep-alive\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: b42023127ef722e58380fb6c9803110d\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T01:09:43.978719Z","times_seen":16160175,"resource_available":true,"data":null}},"time_used":180,"timings":{"blocked":74,"dns":1,"connect":36,"send":0,"wait":23,"receive":0,"ssl":44},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-01","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"odourtaste.com/86/be/1b/86be1b57d34beb8211a61a0fb677dce0.js","fqdn":"odourtaste.com","domain":"odourtaste.com","tld":"com"},"ip":{"addr":"192.243.59.20","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aguea.net/","date":"2025-09-01T10:45:41.044Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"odourtaste.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Wed, 16 Jul 2025 22:31:04 GMT","end":"Tue, 14 Oct 2025 22:31:03 GMT"},"fingerprint":{"sha1":"03:11:16:76:76:0D:E8:49:0C:F4:09:05:CA:47:1D:31:89:46:DC:F2","sha256":"23:23:33:96:F9:E1:E7:77:61:E2:8D:C6:25:07:90:E3:4D:76:B3:D7:41:F4:F4:EC:53:0F:95:97:B3:7B:5A:C1"}}},"request":{"raw":"GET /86/be/1b/86be1b57d34beb8211a61a0fb677dce0.js HTTP/1.1\r\nHost: odourtaste.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Mon, 01 Sep 2025 10:45:41 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 38490\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: odourtaste.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: e0950e9aa0eb37f587788a90ab9d6f2e\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":105890,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"a2eb549efbcc9062a8008716d4444725","sha1":"7f1ae8b78c8d1b2956e3f8b71752f6d6afce4083","sha256":"8e9e6320700bf76f063ffedb319c0894fb1aee5f93eff60a995c2a498aa0fa09","sha512":"12e09d7d9c4e8fce918d901ba2749b6dfe509b0804dc5ea2d8678e8d5f6850c9d0a37ace506a5ff05fb5dad28ab288371d340be34891b9fdf77d98ad83345447","ssdeep":"1536:dxIEKRqXVJi5sbaeBvat/xp1P2PNrdMCC2cevmiwB/BDMCGS5Y:0KVJi5s7ahxp521rcuZwHoj","tlshash":"b0a3a8487f90fcbe02566033663f951bf1aa0e415958c988d11afdb42a3c31bfa3da75","first_seen":"2025-09-01T10:46:10.316124Z","last_seen":"2025-09-01T10:46:10.316124Z","times_seen":1,"resource_available":true,"data":null}},"time_used":837,"timings":{"blocked":315,"dns":41,"connect":93,"send":0,"wait":99,"receive":96,"ssl":190},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-01","alert":"Sinkholed","trigger":"odourtaste.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"odourtaste.com/bf85dbb864fe97b2a9bb64a15991a07b/invoke.js","fqdn":"odourtaste.com","domain":"odourtaste.com","tld":"com"},"ip":{"addr":"192.243.59.20","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aguea.net/","date":"2025-09-01T10:45:41.047Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"odourtaste.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Wed, 16 Jul 2025 22:31:04 GMT","end":"Tue, 14 Oct 2025 22:31:03 GMT"},"fingerprint":{"sha1":"03:11:16:76:76:0D:E8:49:0C:F4:09:05:CA:47:1D:31:89:46:DC:F2","sha256":"23:23:33:96:F9:E1:E7:77:61:E2:8D:C6:25:07:90:E3:4D:76:B3:D7:41:F4:F4:EC:53:0F:95:97:B3:7B:5A:C1"}}},"request":{"raw":"GET /bf85dbb864fe97b2a9bb64a15991a07b/invoke.js HTTP/1.1\r\nHost: odourtaste.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Mon, 01 Sep 2025 10:45:41 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 12510\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: odourtaste.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 5184a5e2a6a1700de857b4f24bae3766\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":31036,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (31034), with no line terminators","md5":"07526de38aad93279acc2b79c4882b83","sha1":"c5403c5d3dae8092d6f8b56f4e7cc0fb4e90d64a","sha256":"d2497f9da28f1036c793bc7bba0cd2bd847cf050d14a09f6741c13576a74b9f8","sha512":"b6f27578f6ae60930e6f23a98671e69cfd538bfed3696f36f7eda899b72585ad448cda6bae29d938c0c90b1665741990db9d5283827ce8df5c62fc18210942aa","ssdeep":"768:5dAJfLHRgGJo/57czwG6ZuraJEOlhPm7d:+LHRiaM01d","tlshash":"b4d2d7db7f10b3bd129b9473263f440ae3391c02f5c8c75dd976d6952a8c30b896a6e8","first_seen":"2025-09-01T10:46:10.31717Z","last_seen":"2025-09-01T10:46:10.31717Z","times_seen":1,"resource_available":true,"data":null}},"time_used":741,"timings":{"blocked":315,"dns":36,"connect":96,"send":0,"wait":101,"receive":0,"ssl":190},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-01","alert":"Sinkholed","trigger":"odourtaste.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/9c/5d/14/9c5d14453d6b11cdec5b98e5ce5af0dc.js","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.61.225","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aguea.net/","date":"2025-09-01T10:45:41.622Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:09:22 GMT","end":"Tue, 25 Nov 2025 22:09:21 GMT"},"fingerprint":{"sha1":"11:D6:40:9F:C0:3E:93:5F:D7:10:AB:88:ED:35:EF:8D:BC:BA:B6:BE","sha256":"46:DD:4D:E7:2C:ED:72:DC:3F:71:6D:46:29:34:DC:D7:AC:E1:73:91:92:2F:5C:B4:86:3E:AE:F7:FB:A4:58:10"}}},"request":{"raw":"GET /9c/5d/14/9c5d14453d6b11cdec5b98e5ce5af0dc.js HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 01 Sep 2025 10:45:41 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 2570\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 965f8c73f46db27e90d2ac70bec2e6ce\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5080,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (5080), with no line terminators","md5":"a524ecfbd97124fd2e9c3f6ad371ca23","sha1":"a281b89a51cfe367f92816be50eba55ccc0eaee6","sha256":"5549a01f3d1c788c8e44dc8a54e5c9103880b5608d3b44e0a0ea4ebd124dc18f","sha512":"dbfa06ea3faf0b6451668b8634e61e52c71ac098f26b08551cac54344128a205b2378e56953102dda758aa63fab8ed1e22c3a74eda39a154caff8f2b6b3bdee5","ssdeep":"96:WhmlSzNzYF4RWz3qVeBYJ2gzAKAYaR/tCP/KZhWAEGo:SmAz+60BSF81RM3KZoGo","tlshash":"b1a1618e3f81b4ac069270372f3f6e0ef13a5c55195ad4d8d202a0a47f28a39d4b6b55","first_seen":"2025-08-06T23:31:31.906679Z","last_seen":"2025-09-26T10:32:45.122277Z","times_seen":4581,"resource_available":true,"data":null}},"time_used":655,"timings":{"blocked":278,"dns":1,"connect":93,"send":0,"wait":93,"receive":0,"ssl":186},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-01","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"grandeursubtlecol.com/ntv.json?key=bf85dbb864fe97b2a9bb64a15991a07b\u0026vstc=1\u0026rb=","fqdn":"grandeursubtlecol.com","domain":"grandeursubtlecol.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://aguea.net/","date":"2025-09-01T10:45:41.778Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grandeursubtlecol.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Thu, 14 Aug 2025 11:30:23 GMT","end":"Wed, 12 Nov 2025 11:30:22 GMT"},"fingerprint":{"sha1":"D2:DC:04:F3:99:F7:CC:F9:16:AB:27:0E:65:08:90:79:F5:A1:EA:8A","sha256":"20:71:D7:42:17:00:0F:0F:E0:97:1B:B0:FE:CD:06:B8:18:76:AE:06:7E:60:04:28:C1:CD:51:70:3C:61:C9:EA"}}},"request":{"raw":"GET /ntv.json?key=bf85dbb864fe97b2a9bb64a15991a07b\u0026vstc=1\u0026rb= HTTP/1.1\r\nHost: grandeursubtlecol.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://aguea.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 01 Sep 2025 10:45:42 GMT\r\nContent-Type: application/json\r\nContent-Length: 3108\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://aguea.net\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: pdhtkv=true; expires=Tue, 02 Sep 2025 10:45:42 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Tue, 02 Sep 2025 10:45:42 GMT; path=/; secure; SameSite=None\npdhtkv49=true; expires=Tue, 02 Sep 2025 10:45:42 GMT; path=/; secure; SameSite=None\nuncs49=1; expires=Tue, 02 Sep 2025 10:45:42 GMT; path=/; secure; SameSite=None\nu_pl27352413=1; expires=Tue, 02 Sep 2025 10:45:42 GMT; path=/; secure; SameSite=None\nnlecbf85dbb864fe97b2a9bb64a15991a07b=[5474031]; expires=Mon, 01 Sep 2025 10:45:47 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 18\r\nHost: grandeursubtlecol.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 9f542c1b7be53d9365323980eca6ce67\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":4005,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"b3db45c5ba78ffa09877184b58feccb2","sha1":"fcc9659b685889f4dad2c696fd018da17d145b9e","sha256":"4fe9628bff7f879e438541f0b96ce90e1f60792dd7ed1c8f7ee522f2c1db2a62","sha512":"5d466bc70f296b9dc0217afb53c2ae73f47ce9beed6eb57e6839c905ec6fb247cda9ba1e2020e9bc8e998e0118454b3b0708023b6b3443b129a6563e48fba04d","ssdeep":"","tlshash":"5f815d7fd55d08661bd4fd2d13e52a790dd1521b92ccbb8ec4243a7a2129408437f564","first_seen":"2025-09-01T10:46:10.318006Z","last_seen":"2025-09-01T10:46:10.318006Z","times_seen":1,"resource_available":false,"data":null}},"time_used":731,"timings":{"blocked":306,"dns":27,"connect":95,"send":0,"wait":113,"receive":0,"ssl":187},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-01","alert":"Sinkholed","trigger":"grandeursubtlecol.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aguea.net/","date":"2025-09-01T10:45:42.158Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 Aug 2025 23:05:43 GMT","end":"Fri, 28 Nov 2025 23:05:42 GMT"},"fingerprint":{"sha1":"B9:51:95:1F:A8:75:17:3A:9B:B1:75:96:F4:7D:7A:CF:3D:52:C9:71","sha256":"36:D1:B1:18:05:03:10:B2:46:BC:6C:71:A5:E7:BE:07:32:66:88:16:04:1E:5F:96:0F:10:B6:4B:BF:01:D1:42"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 01 Sep 2025 10:45:42 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32182\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 5847ca0f777212ef88b1d6a8e1d4d2b4\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85386,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"resource_available":true,"data":null}},"time_used":25,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":24,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-01","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"aguea.net/apple-touch-icon.png","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aguea.net/","date":"2025-09-01T10:45:42.573Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aguea.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 06 Jul 2025 03:14:38 GMT","end":"Sat, 04 Oct 2025 04:12:16 GMT"},"fingerprint":{"sha1":"B2:CE:C1:73:5A:0E:34:54:98:16:9D:91:34:3C:03:47:75:E0:E5:68","sha256":"2D:8D:27:FA:6C:BA:D0:C6:95:07:31:90:AB:0D:C3:F8:86:A1:38:10:32:C8:A0:FE:9D:F2:F6:63:15:91:14:46"}}},"request":{"raw":"GET /apple-touch-icon.png HTTP/1.1\r\nHost: aguea.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nCookie: dom3ic8zudi28v8lr6fgphwffqoz0j6c=d29d3e31-a428-4b8e-8b25-f940d5c79a29%3A1%3A1; pp_main_86be1b57d34beb8211a61a0fb677dce0=1; cf_clearance=BLs3P9FZeQ963kR9xYm14yga_QyzyDuhfczlPXTLrq4-1756723542-1.2.1.1-PH4FCUe99mYByk93LLPQtGsoeYz6rkNfF5Qr2cCv_ftFgADQq4pgjapRyx6zzb317B3okuE06uMj8AzVK_vj46jNMQRDY3gE428DLPuAf.JnEMzDkxblY1ZqAanL6qTYzT2gBJuk.wghjqiKS8cAQQ2BZ45A6F3u6s1QzPUnNX_JwDFqAaJkyQkIExKc1Fxd682_j9x9yJjf4OW_QxJ4NinOP2Deyb4I_gHJ78TriTk; m5a4xojbcp2nx3gptmm633qal3gzmadn=grandeursubtlecol.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 01 Sep 2025 10:45:42 GMT\r\ncontent-type: image/png\r\nserver: cloudflare\r\nlast-modified: Fri, 09 May 2025 17:39:03 GMT\r\nvary: Accept-Encoding\r\netag: W/\"681e3db7-3544\"\r\nexpires: Sun, 28 Sep 2025 07:22:59 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nage: 271363\r\ncf-cache-status: HIT\r\npriority: u=6,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3LJjufKvERfrpK8qe%2FIr5r02FQfxH4dWTaL4G964Uq8ACFnHrlrR%2Fz8REXtaUiRC%2FZ0s0zvDjTcFWzqRFtCxvOhCw4eH9tLP5Q%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 97842dfd1e3a8be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13636,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 180 x 180, 8-bit/color RGBA, non-interlaced","md5":"21c7db8f4bf65026821a4d5210f6485b","sha1":"ab6591e54b0af16773689dfbda744d9e2b7b6b11","sha256":"bcb07f36d44c1863848d6f1385ea8535529035c505678c42a5e9892dd4f19d54","sha512":"f40acdcb8a748989b9fba6693bfdd8008fb59d21b88afd1c8c91022cdee41cb25af862bb4aaca64fcc7365f8b160e320ddbeb4211de369ea89919c36a5e24693","ssdeep":"384:N1neFLgYpEgxGTnsxZGbU8iSJ38QMB3opMOpQ61k:feF0pgxUnsxUUisQtpMOp/k","tlshash":"ce52bf79c8fda27e1d50a5ef6c183400987c7456f86037cabb592605e23c06ba6a287a","first_seen":"2025-09-01T10:46:10.319412Z","last_seen":"2025-12-03T14:06:51.396885Z","times_seen":11,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"aguea.net/css/fontello.css?v=2","fqdn":"aguea.net","domain":"aguea.net","tld":"net"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://aguea.net/","date":"2025-09-01T10:45:41.040Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"aguea.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 06 Jul 2025 03:14:38 GMT","end":"Sat, 04 Oct 2025 04:12:16 GMT"},"fingerprint":{"sha1":"B2:CE:C1:73:5A:0E:34:54:98:16:9D:91:34:3C:03:47:75:E0:E5:68","sha256":"2D:8D:27:FA:6C:BA:D0:C6:95:07:31:90:AB:0D:C3:F8:86:A1:38:10:32:C8:A0:FE:9D:F2:F6:63:15:91:14:46"}}},"request":{"raw":"GET /css/fontello.css?v=2 HTTP/1.1\r\nHost: aguea.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 01 Sep 2025 10:45:41 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Fri, 09 May 2025 17:40:56 GMT\r\nvary: Accept-Encoding\r\netag: \"681e3e28-7ee\"\r\nexpires: Mon, 01 Sep 2025 13:52:10 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nage: 32010\r\ncf-cache-status: HIT\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XKg9uXHl87ZpJk2iakCWW2pa3sIni1uLFtysa9WhWtUFUmhDy5bSyxhs1UJu%2BuEPmUrH1tSFZPTd%2FHEtE4Eho4IZwbqi%2FUihUw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 97842df378968be6-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":2030,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text","md5":"6fe4fa457949c72606b1a9b695cdca89","sha1":"df0b414bd03cfc6be6f233edc05904e67ea2ba22","sha256":"39ae9bed4da120bcf6694a11d90071b9de97599a02fbc2753c7a8504ba3c54b9","sha512":"6f457aa483a0cf83eff9ddc8af41e74293d3138e57a771e9856c1765cb22061929375c9affb840ace41fdec8656ce80d4ab830a12e017f2d7668f63f8e5ccee4","ssdeep":"","tlshash":"3a415bf28988109107d696463bcbb6649f0cf1196982cd83f14b5a9cdffa25483f63dd","first_seen":"2025-07-26T19:36:31.946552Z","last_seen":"2025-12-05T22:28:10.008517Z","times_seen":15,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=947\u0026rd=947\u0026fd=557\u0026bv=25.8.5278\u0026tmpl=70","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.61.225","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://aguea.net/","date":"2025-09-01T10:45:41.619Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:09:22 GMT","end":"Tue, 25 Nov 2025 22:09:21 GMT"},"fingerprint":{"sha1":"11:D6:40:9F:C0:3E:93:5F:D7:10:AB:88:ED:35:EF:8D:BC:BA:B6:BE","sha256":"46:DD:4D:E7:2C:ED:72:DC:3F:71:6D:46:29:34:DC:D7:AC:E1:73:91:92:2F:5C:B4:86:3E:AE:F7:FB:A4:58:10"}}},"request":{"raw":"GET /pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=947\u0026rd=947\u0026fd=557\u0026bv=25.8.5278\u0026tmpl=70 HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 01 Sep 2025 10:45:41 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-06T01:09:43.978719Z","times_seen":16160175,"resource_available":true,"data":null}},"time_used":679,"timings":{"blocked":292,"dns":1,"connect":97,"send":0,"wait":96,"receive":0,"ssl":190},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-01","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aguea.net/","date":"2025-09-01T10:45:41.624Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 Aug 2025 23:05:43 GMT","end":"Fri, 28 Nov 2025 23:05:42 GMT"},"fingerprint":{"sha1":"B9:51:95:1F:A8:75:17:3A:9B:B1:75:96:F4:7D:7A:CF:3D:52:C9:71","sha256":"36:D1:B1:18:05:03:10:B2:46:BC:6C:71:A5:E7:BE:07:32:66:88:16:04:1E:5F:96:0F:10:B6:4B:BF:01:D1:42"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 01 Sep 2025 10:45:41 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32182\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 870b9b1a02a7b9d735fd1dc762e0c13e\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":85386,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"resource_available":true,"data":null}},"time_used":197,"timings":{"blocked":74,"dns":1,"connect":34,"send":0,"wait":23,"receive":19,"ssl":42},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-01","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"torchfriendlypay.com/fb/f7/c0/fbf7c04e669126c400d669cb6e625736.js","fqdn":"torchfriendlypay.com","domain":"torchfriendlypay.com","tld":"com"},"ip":{"addr":"192.243.61.225","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://aguea.net/","date":"2025-09-01T10:45:41.628Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"torchfriendlypay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:09:22 GMT","end":"Tue, 25 Nov 2025 22:09:21 GMT"},"fingerprint":{"sha1":"11:D6:40:9F:C0:3E:93:5F:D7:10:AB:88:ED:35:EF:8D:BC:BA:B6:BE","sha256":"46:DD:4D:E7:2C:ED:72:DC:3F:71:6D:46:29:34:DC:D7:AC:E1:73:91:92:2F:5C:B4:86:3E:AE:F7:FB:A4:58:10"}}},"request":{"raw":"GET /fb/f7/c0/fbf7c04e669126c400d669cb6e625736.js HTTP/1.1\r\nHost: torchfriendlypay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 01 Sep 2025 10:45:41 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 29355\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: torchfriendlypay.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: bb90c682d7550e224991ea837b7905c5\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":72595,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"ba6c29abbd003f4f2e7c3a7e739d5856","sha1":"73c2e53510830237603d13fe4c78bdf07ca3d243","sha256":"d2426622f87c50d8ed2868d6882a1c31a261847344a29170269d7629a92f4ca5","sha512":"f639090eae4a13513aa80b069c59a46cf7e93ce1fa4f5eca469abdbaa438226780175676809e462431348d46081ecf8b07e252001299a2c09339fd1dadebfa9a","ssdeep":"768:Y2bnYsmTSkqw648+QhS8u+Jcj/XcdNjN5mOdY08kUbTehzbcepwOf:Y2bngq4x5O+jvc9dY0U3f4","tlshash":"a063d7483f91b27802e6b8fa712fa61af0265c1195d8e0d8f503f4ddae66719f035f25","first_seen":"2025-09-01T10:46:10.32116Z","last_seen":"2025-09-01T10:46:10.32116Z","times_seen":1,"resource_available":true,"data":null}},"time_used":751,"timings":{"blocked":275,"dns":1,"connect":91,"send":0,"wait":98,"receive":92,"ssl":186},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-01","alert":"Sinkholed","trigger":"torchfriendlypay.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"grandeursubtlecol.com/ntv.json?key=bf85dbb864fe97b2a9bb64a15991a07b\u0026vstc=1\u0026uuid=d29d3e31-a428-4b8e-8b25-f940d5c79a29%3A1%3A1\u0026custom=%7B%22d37e3bc4%22%3A%22b%22%7D\u0026rb=","fqdn":"grandeursubtlecol.com","domain":"grandeursubtlecol.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://aguea.net/","date":"2025-09-01T10:45:42.152Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"grandeursubtlecol.com","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Thu, 14 Aug 2025 11:30:23 GMT","end":"Wed, 12 Nov 2025 11:30:22 GMT"},"fingerprint":{"sha1":"D2:DC:04:F3:99:F7:CC:F9:16:AB:27:0E:65:08:90:79:F5:A1:EA:8A","sha256":"20:71:D7:42:17:00:0F:0F:E0:97:1B:B0:FE:CD:06:B8:18:76:AE:06:7E:60:04:28:C1:CD:51:70:3C:61:C9:EA"}}},"request":{"raw":"GET /ntv.json?key=bf85dbb864fe97b2a9bb64a15991a07b\u0026vstc=1\u0026uuid=d29d3e31-a428-4b8e-8b25-f940d5c79a29%3A1%3A1\u0026custom=%7B%22d37e3bc4%22%3A%22b%22%7D\u0026rb= HTTP/1.1\r\nHost: grandeursubtlecol.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://aguea.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://aguea.net/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 01 Sep 2025 10:45:42 GMT\r\nContent-Type: application/json\r\nContent-Length: 2302\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://aguea.net\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=d29d3e31-a428-4b8e-8b25-f940d5c79a29:1:1; expires=Mon, 08 Sep 2025 10:45:42 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Tue, 02 Sep 2025 10:45:42 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Tue, 02 Sep 2025 10:45:42 GMT; path=/; secure; SameSite=None\npdhtkv49=true; expires=Tue, 02 Sep 2025 10:45:42 GMT; path=/; secure; SameSite=None\nuncs49=1; expires=Tue, 02 Sep 2025 10:45:42 GMT; path=/; secure; SameSite=None\nu_pl27352413=1; expires=Tue, 02 Sep 2025 10:45:42 GMT; path=/; secure; SameSite=None\nnlecbf85dbb864fe97b2a9bb64a15991a07b=[5474031]; expires=Mon, 01 Sep 2025 10:45:47 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 17\r\nHost: grandeursubtlecol.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: bfea5dfc1d33521d410562c1b7a3d115\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4149,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"7a3d1a5f3e5119227c97c4c1c7acd713","sha1":"1453aaf544bd6b8e3ffa15350138693e4b0603e3","sha256":"b0320a30c001cfcd307e1d04ef47fe41615c536d07b9ddfd12fe6a07f123b381","sha512":"948051865e52b477955c18b9d32157cac79fe9ac3a759c99c3c2a1de350280d8c7344d4f8964628ab46c690018a171f1de98cdd3c5d1c32d3f854adce6a3c7a7","ssdeep":"96:5pwaZ9Sz6x0h78U0Z9Sz6x0h74kPH27OMxEIthIKjUHxlJGkyzXN:fwaZM6x0h78bZM6x0h74kPHEOMiIthIY","tlshash":"9181199e6e84179c1e16241793c90abe4d662413fc504baf2cf44b9e0bd9fdba253507","first_seen":"2025-09-01T10:46:10.322141Z","last_seen":"2025-09-01T10:46:10.322141Z","times_seen":1,"resource_available":false,"data":null}},"time_used":139,"timings":{"blocked":22,"dns":0,"connect":0,"send":0,"wait":117,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-01","alert":"Sinkholed","trigger":"grandeursubtlecol.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}