{"report_id":"58e31fed-30b5-47b0-9ba2-9d23fed55e3d","version":0,"status":"done","tags":[],"date":"2026-07-02T12:56:57Z","url":{"schema":"http","addr":"defendercontrol.app","fqdn":"defendercontrol.app","domain":"defendercontrol.app","tld":"app"},"ip":{"addr":"172.67.159.112","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"defendercontrol.app/","fqdn":"defendercontrol.app","domain":"defendercontrol.app","tld":"app"},"title":"Defender Control Download | Safe Windows Security Management Tool","dom":{"size":189560,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (29196)","md5":"da3c6e9c67470290086ffb51ccf60b04","sha1":"46de65d7f33981790dd9e93b2aa47db1590f6fff","sha256":"301b473730616bf3d4d32a47a8c5e760e702306f1b8f7238ff08504051b5e8ba","sha512":"8737e75e5d26f1f652815ae3ba7727d4cafdbc31a75b9de994bce0f2b72f472ea7e385257855498aa565da316b20f35d5805c2090672aad3421659d4ef5e8f62","ssdeep":"768:E7l3isT0Zj0AhnNv6lsR9ad+WbQQhJ5kkc/K4Dokoh8rXnoLX9UkocT3LJxC1Du+:8LYfhQ/hhOnoxpziT6bDD/3w3V","tlshash":"b104f93572f411bf28d7c1f6fa2a6b5aae19d187e537408671ad46649fc3ca3c903344","dom_hash":"domhash4c61dba122c24cb71c5a1613f753eb11","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"defendercontrol.app","fqdn":"defendercontrol.app","domain":"defendercontrol.app","tld":"app"},"ip":{"addr":"172.67.159.112","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-08-06T12:56:57Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"qguvgzjxzsgb3vs"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":4}},"detection":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-07-02","alert":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","trigger":"defendercontrol.app/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"iam-py-test","date":"2022-11-19","description":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","false_positives":"Files modifying Defender for legitimate purposes, files containing registry keys related to Defender (i.e. diagnostic tools)","rule":"Disable_Defender","yarahub_author_twitter":"@iam_py_test","yarahub_license":"CC0 1.0","yarahub_reference_md5":"799a7f1507e5e7328081a038987e9a6f","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"1fcd3702-cf5b-47b4-919d-6372c5412151"}},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-06-28T22:19:26.805281Z","alert_count":0,"request_count":1,"received_data":23101,"sent_data":571,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-06-28T22:22:13.875484Z","alert_count":0,"request_count":1,"received_data":13368,"sent_data":569,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"defendercontrol.app","ip":{"addr":"172.67.159.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-07-02T12:56:59.155167Z","last_seen":"2026-07-02T12:56:59.155167Z","alert_count":34,"request_count":11,"received_data":300507,"sent_data":6087,"comment":"","tags":null,"fingerprints":[{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Tailwind CSS","description":"Tailwind is a utility-first CSS framework.","website":"https://tailwindcss.com/","common_platform_enumeration":"","icon":"tailwindcss.svg","categories":["UI frameworks"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdn.tailwindcss.com","ip":{"addr":"104.26.3.143","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2017-07-20","domain_rank":117330,"first_seen":"2018-07-09T05:46:13Z","last_seen":"2026-06-29T07:57:36.057616Z","alert_count":0,"request_count":2,"received_data":511568,"sent_data":978,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.178.40","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2026-06-28T22:30:22.905773Z","alert_count":0,"request_count":1,"received_data":485928,"sent_data":482,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"defendercontrol.app/","fqdn":"defendercontrol.app","domain":"defendercontrol.app","tld":"app"},"ip":{"addr":"172.67.159.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"225c60163c901b42eac4435f19e7ecf4","sha1":"24fad68c7236c465c71433a20bdb0d3c1a6e6537","sha256":"4decbf2088db9b1be5107b6629818067ca6f910d80ee1e5c23db0c44fab0d45c","sha512":"c87107b9daa8e8e2a354149a02acbec5eeb93db8a35850d9c2d847a3b57a5dc34a5651600d7c37859f907dd3448d13e98f7c6b460022c7491ae7379394746e8b","ssdeep":"","tlshash":"c1c08c88210b0cb182a72b414b2fa200f0053206a6d09920190a22048f20d13d744814","size":154,"data":"","first_seen":"2026-07-02T12:57:10.940005Z","last_seen":"2026-07-02T12:57:10.940005Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"defendercontrol.app/","fqdn":"defendercontrol.app","domain":"defendercontrol.app","tld":"app"},"ip":{"addr":"172.67.159.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"611fd2edd3411a2b1d833332336dee6e","sha1":"0577e1b02ac87c47d475f8dc12f2945eb1220ece","sha256":"9725eabede921a4396aa410113fffdbc17d5354fa1df1a09612b3be7db000b4b","sha512":"00468b78cf515309e07dd5396bf07977b7eb94aa90d9dad23176dfde92eb9b2f5f9d7d4ecea4681bf7051e322d7c41dad9bd6dcb1d683d7100c4885424981796","ssdeep":"","tlshash":"61e07d1930c200360273446633b7410a2222270fc48e9b167a5fc8951f34cd3050650c","size":329,"data":"","first_seen":"2026-07-02T12:57:10.941046Z","last_seen":"2026-07-02T12:57:10.941046Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"defendercontrol.app/","fqdn":"defendercontrol.app","domain":"defendercontrol.app","tld":"app"},"ip":{"addr":"172.67.159.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"5aed78ab91a007e27a4972cc28589310","sha1":"ccba0536f14bdbb51389362ea69d62f11837c64d","sha256":"8490657a22ddbee4eb16e715a76e9e955895a421c6ae07cbd1ba053f3ffa0fb6","sha512":"f86911f8abf2c4a4a5ba7ce7bdd6bf951cbf2834a072766f288a2537c95fc8995ad46567c67e7d8e7b9290e2284cc7f49955128bfdf6600a192ea7d4323a7887","ssdeep":"","tlshash":"8ef05c2b71d1502d4a4e10e48b8f210f0309a1132d3ccda4be9e4949bf72234c463a4b","size":519,"data":"","first_seen":"2026-07-02T12:57:10.941926Z","last_seen":"2026-07-02T12:57:10.941926Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"defendercontrol.app/assets/js/main.js","fqdn":"defendercontrol.app","domain":"defendercontrol.app","tld":"app"},"ip":{"addr":"172.67.159.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"80a525e97c8e254d79528cebe508059c","sha1":"f02d9583605e7372f359fb3e36dc89ab503bc220","sha256":"e060a8e765046f9b96355c64c2db20f702afb1096cd8550dc4d07350d5d6f22f","sha512":"933858eef550c8f483d7fc5c18c7155017fa4bf027c700bd1a2845fed38d34bca8e9d2ede683f3d8eb6c3a467e302388cfaff208656f89a1aacf210a96db0dd9","ssdeep":"384:qou1j1QD/xVtNRNDSvFjOr4drUZ+XqJ6K0mclidwLf2:qoKyD/hwfXqJ6KLIiKS","tlshash":"a582fa5e6025203384b3737a6767950dfe36016bb502e90abeac8b442fb1d541ae3fdc","size":18259,"data":"","first_seen":"2026-07-02T12:57:10.929441Z","last_seen":"2026-07-02T12:57:10.929441Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.tailwindcss.com/?plugins=forms,typography","fqdn":"cdn.tailwindcss.com","domain":"tailwindcss.com","tld":"com"},"ip":{"addr":"104.26.3.143","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c423257ce6bde1851c335e8f8f4e9bb2","sha1":"034de0a189bd5e766accc1122ab3a53d53c23cc4","sha256":"0656b912a5893ab56c590ef7e1edd2c9ae57bbff18b30a300cdd66f3f1486708","sha512":"a21bcd7fbf9351dd93a98f4d5d170224d0e7df81cba9da8da1c2cb354257c38d188c1f3c34d929c9783f5cc1389c0e720d268d357efba89a99a3980c48c463d5","ssdeep":"6144:LFQUPEz0+19zXEVy61LLeMP5mqNFPyF2pH7w2nXrPO0s:ZQUPEQSzXEVy61LLn5/CSbHbPO0s","tlshash":"22b43ba97356b13647eba1e850ab1402f37d9928900c84acf79dc4ea3de4d4950bbf3d","size":510091,"data":"","first_seen":"2025-09-21T16:18:40.255776Z","last_seen":"2026-07-02T12:57:10.925076Z","times_seen":117,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-JS4ZXQBTS7","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.40","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"1dfd08343c6bc225ebeb18df2596ee26","sha1":"d5e5b93b350c4de68ffc6f57d3c13b99dc22346a","sha256":"9d6d6bb585cae7ed065340a7c176cdbf1a91d6fcab14063c2e0d860740b539e1","sha512":"6d2a7ac411eeb55f8ef75c1e5c9548e0d703062dd32f412ecc71f48636462e08018e6484b0607c2ce375dc292e14339ce4438c30157407bbfcc08b9b53aa435c","ssdeep":"6144:n3xzoZP0h7MP/GCvol1+exYazU06cwa6GKKnsxgP7f2i0Z4ymX6:3xzv7g1K+ezf2ik26","tlshash":"8aa4f9cdb3d674265396f478903f018ba57b28a2b44cc899f189cce42e7465a8277f7c","size":485324,"data":"","first_seen":"2026-07-02T12:57:10.925675Z","last_seen":"2026-07-02T12:57:10.925675Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"defendercontrol.app/","fqdn":"defendercontrol.app","domain":"defendercontrol.app","tld":"app"},"ip":{"addr":"172.67.159.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eventHandler","is_inline":false,"md5":"7c3c3ddeb80438dcbb3d081d2d00e152","sha1":"5a4016732ee72ec77b4f6ab17047bcea6d2ea34d","sha256":"321b4f657afbf8ba49518e6ab4cbad07ea967d0b4c68f71c7deed05ed09c1187","sha512":"b252f7dc795284fe8ce404711809130d8e16670a8e49b271f9a24b04a542a0fccb7a8c7238c12b37db35fe73a2fbf1cdb374468574db4e6d39975a17dca547a3","ssdeep":"","tlshash":"de6000f0003000000003c30000330cf300000c0f00ccc30cfc0000c000c00000000c03","size":16,"data":"","first_seen":"2023-04-10T15:57:29Z","last_seen":"2026-07-02T18:05:49.143607Z","times_seen":321420,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":[{"level":"warn","text":"cdn.tailwindcss.com should not be used in production. To use Tailwind CSS in production, install it as a PostCSS plugin or use the Tailwind CLI: https://tailwindcss.com/docs/installation","filename":"https://cdn.tailwindcss.com/?plugins=forms,typography","line_number":66,"column_number":26105},{"level":"log","text":"Defender Control website initialized successfully","filename":"https://defendercontrol.app/assets/js/main.js","line_number":23,"column_number":13},{"level":"log","text":"ServiceWorker registration failed","filename":"https://defendercontrol.app/assets/js/main.js","line_number":550,"column_number":25}]},"http":[{"url":{"schema":"https","addr":"defendercontrol.app/","fqdn":"defendercontrol.app","domain":"defendercontrol.app","tld":"app"},"ip":{"addr":"172.67.159.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-07-02T12:56:32.269Z","timestamp":1782996992269,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"defendercontrol.app","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 25 May 2026 16:44:24 GMT","end":"Sun, 23 Aug 2026 16:44:23 GMT"},"fingerprint":{"sha1":"91:F7:04:92:E9:FB:9A:DA:8C:D3:A7:04:FE:C6:F7:43:1A:94:CC:30","sha256":"2C:C9:58:3D:8D:32:E9:5F:2E:2B:97:56:64:31:4F:ED:06:63:C2:44:5E:2B:A9:F9:87:D3:75:88:60:BA:26:AF"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: defendercontrol.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: none\r\nPriority: u=0, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:56:32 GMT\r\ncontent-type: text/html\r\nlast-modified: Sun, 24 May 2026 17:09:46 GMT\r\nvary: Accept-Encoding\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=31536000\r\npriority: u=0,i\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Qxygg726J2xBaNprWlv%2F3%2F%2BFNph3WNt0OAAXnc%2BUf52olq%2B6hFD%2BssWUgK5RgwGUmrfGldesyzKDb6amE1Pr0ejlxh1h5efUCjd8RWfE4osMy4wjOCNK5Yl3bxGnTo%2B1IXTwWtE7\"}]}\r\ncontent-encoding: zstd\r\ncf-ray: a14dcfa23a9956b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Tailwind CSS","description":"Tailwind is a utility-first CSS framework.","website":"https://tailwindcss.com/","common_platform_enumeration":"","icon":"tailwindcss.svg","categories":["UI frameworks"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":161393,"size_decoded":23821,"mime_type":"text/html","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (708), with CRLF line terminators","md5":"a76db26e3f80cde1aa969f74dc41c544","sha1":"5cfcfff6add40f0d36243bad93874fdf8cf3ed9a","sha256":"bfcb046c34692818f64767fcf86d905772ca2a77a3a03a3abbb4c0d005e1c25e","sha512":"af682894f641fb6647720d1245dff563479b7d91ec71bb270475a25d1f7953e1c06fa874f8ac0394bae49a5e169ade1e66d67d92f60f507c3eb9801565214cea","ssdeep":"768:QylvvyGmtjJmHSAkVzcgi7YaU4bFCZFr+3Sm4EVJd1u6wRQ2uiGSKpn2GjtlERIr:TneVN4EZFCSlToQKpZKI9iQ","tlshash":"5ff3957262d461bf10f3c1b6eb2a2ba6fe59c147e167808671ed52ab9ff3c11c907250","first_seen":"2026-07-02T12:57:10.920133Z","last_seen":"2026-07-02T12:57:10.920133Z","times_seen":1,"resource_available":true,"data":null}},"time_used":270,"timings":{"blocked":-1,"dns":64,"connect":21,"send":0,"wait":177,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"infosec_yara","sensor_type":"yara","title":"YARAhub by abuse.ch","description":"YARAhub by abuse.ch","scan_date":"2026-07-02","alert":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","trigger":"defendercontrol.app/","verdict":"malware","severity":"medium","comment":"","link":"https://yaraify.abuse.ch/yarahub/","meta":{"author":"iam-py-test","date":"2022-11-19","description":"Detect files disabling or modifying Windows Defender, Windows Firewall, or Microsoft Smartscreen","false_positives":"Files modifying Defender for legitimate purposes, files containing registry keys related to Defender (i.e. diagnostic tools)","rule":"Disable_Defender","yarahub_author_twitter":"@iam_py_test","yarahub_license":"CC0 1.0","yarahub_reference_md5":"799a7f1507e5e7328081a038987e9a6f","yarahub_rule_matching_tlp":"TLP:WHITE","yarahub_rule_sharing_tlp":"TLP:WHITE","yarahub_uuid":"1fcd3702-cf5b-47b4-919d-6372c5412151"}},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"defendercontrol.app/images/icon.ico","fqdn":"defendercontrol.app","domain":"defendercontrol.app","tld":"app"},"ip":{"addr":"172.67.159.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://defendercontrol.app/","date":"2026-07-02T12:56:33.234Z","timestamp":1782996993234,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"defendercontrol.app","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 25 May 2026 16:44:24 GMT","end":"Sun, 23 Aug 2026 16:44:23 GMT"},"fingerprint":{"sha1":"91:F7:04:92:E9:FB:9A:DA:8C:D3:A7:04:FE:C6:F7:43:1A:94:CC:30","sha256":"2C:C9:58:3D:8D:32:E9:5F:2E:2B:97:56:64:31:4F:ED:06:63:C2:44:5E:2B:A9:F9:87:D3:75:88:60:BA:26:AF"}}},"request":{"raw":"GET /images/icon.ico HTTP/1.1\r\nHost: defendercontrol.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://defendercontrol.app/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:56:33 GMT\r\ncontent-type: image/x-icon\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=V3xt5iVkw5THDt1%2Bz2JFUNG%2FPEVVNeOnpGMZLeGSSMU%2FQoPEZIHTIfYFgWoNbVC1jG95TPUip2C%2Fl6SRT006i8YqzDm88QCnZc1uvGMctmgD2AAhXx54wSZ%2Bi1eC4rRKHkRNMokx\"}]}\r\nlast-modified: Mon, 27 Apr 2026 06:16:20 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=31536000\r\npriority: u=3,i\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\ncontent-encoding: zstd\r\netag: W/\"69eeff34-10be\"\r\ncf-ray: a14dcfa7baf556b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4286,"size_decoded":3539,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel","md5":"9006cee6237caad32f11c80c55be3ea9","sha1":"d9a48c4281ce1b4a743aa606d65f37d8a02262f3","sha256":"bd9c727ff09f0b53d553b7cd4cf329a1f036aa5e90b43261e080be0373ead535","sha512":"e54d09a5b0201c9275cfb8c2c35af2fe0387d9d453a1e76e95e48946f268035901fa117914051b98abe445e5199ab8dbb09ce2f1767009f1950b7c9421ec2555","ssdeep":"96:rETmUx+1gGt64u0ApQ7Rxla3bpjI3umUgOmREbAuRULfc:rE7x+1x64u0Ape6rFI3umUgJREbAJ","tlshash":"9391a69599423c34ef08773241db1934113a7e29faffa63f6315b61166b74d24064739","first_seen":"2026-07-02T12:57:10.922479Z","last_seen":"2026-07-02T12:58:13.077518Z","times_seen":3,"resource_available":false,"data":null}},"time_used":141,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":141,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"defendercontrol.app/images/defender_control_menu.png","fqdn":"defendercontrol.app","domain":"defendercontrol.app","tld":"app"},"ip":{"addr":"172.67.159.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://defendercontrol.app/","date":"2026-07-02T12:56:33.235Z","timestamp":1782996993235,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"defendercontrol.app","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 25 May 2026 16:44:24 GMT","end":"Sun, 23 Aug 2026 16:44:23 GMT"},"fingerprint":{"sha1":"91:F7:04:92:E9:FB:9A:DA:8C:D3:A7:04:FE:C6:F7:43:1A:94:CC:30","sha256":"2C:C9:58:3D:8D:32:E9:5F:2E:2B:97:56:64:31:4F:ED:06:63:C2:44:5E:2B:A9:F9:87:D3:75:88:60:BA:26:AF"}}},"request":{"raw":"GET /images/defender_control_menu.png HTTP/1.1\r\nHost: defendercontrol.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://defendercontrol.app/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:56:33 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 27 Apr 2026 06:16:20 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69eeff34-8c63\"\r\nexpires: Sat, 01 Aug 2026 12:56:33 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=t240FwMbrjgbw7MKuG040cZpz5Rmfd1NHHYlmDbt8ZDJS9jW%2FkXqgzwYGI7nHVg4DZSueA%2BK9le8tFR6IwkyarKnKJwJKdd%2FssXR8vlqfMjH8OOjV7TUVYXoBrJVucibeQWt1MY8\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i\r\ncf-ray: a14dcfa7baf656b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":35939,"size_decoded":36429,"mime_type":"image/png","magic":"PNG image data, 599 x 434, 8-bit/color RGB, non-interlaced","md5":"886673f0e59aa9365bbbf8b0ea6935a8","sha1":"c71ef1d485617e0edb162b2821e764b8a0d0c673","sha256":"17421613379906bc19ffa0200de1ba637de9437a848fdf6e9e2baca8c5c05bcf","sha512":"bb2a12b8d43ce7f2835905c5d27638442d2dae2ed832c67603108b9a689300a2485c30a6c3ddb262d5291f56e87b483a9d8b6872f1525ce792148dc524416c7b","ssdeep":"768:mbXxslE7Iz1TalSeFUVrYE3S4CzVQAwfDfKARkX:ZLxTFaUVltCzVQV7/kX","tlshash":"f8f2e13e734b7fe14b285da019252a6b9da6bb90e04585230e0a5978ff0f1b19c4fe43","first_seen":"2024-11-08T02:43:17.339615Z","last_seen":"2026-07-02T12:58:13.099025Z","times_seen":3,"resource_available":false,"data":null}},"time_used":169,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":167,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.tailwindcss.com/3.4.17?plugins=forms@0.5.10,typography@0.5.16","fqdn":"cdn.tailwindcss.com","domain":"tailwindcss.com","tld":"com"},"ip":{"addr":"104.26.3.143","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://defendercontrol.app/","date":"2026-07-02T12:56:33.285Z","timestamp":1782996993285,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tailwindcss.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 19 May 2026 14:31:45 GMT","end":"Mon, 17 Aug 2026 15:31:39 GMT"},"fingerprint":{"sha1":"B6:67:6F:5A:BE:B9:2A:B2:16:10:49:96:1E:1F:99:2B:44:AF:EA:A6","sha256":"63:A9:BF:FB:46:E0:B8:37:95:77:F3:63:84:AE:78:22:46:11:85:5E:DF:87:F6:4B:EF:F2:2E:24:D5:74:70:39"}}},"request":{"raw":"GET /3.4.17?plugins=forms@0.5.10,typography@0.5.16 HTTP/1.1\r\nHost: cdn.tailwindcss.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nReferer: https://defendercontrol.app/\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ndate: Thu, 02 Jul 2026 12:56:33 GMT\r\ncontent-type: text/javascript\r\ncache-control: max-age=31536000\r\ncontent-encoding: br\r\nserver: cloudflare\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: MISS\r\nx-vercel-id: arn1::iad1::59hx7-1778775054866-427d4557a019\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nage: 4221935\r\nlast-modified: Thu, 14 May 2026 16:27:52 GMT\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=n1Wwf%2BVQ7v4zpZnvWjIHqA%2BiV0KfK%2FbgS%2FOJKKxFgnzIgginFi9VCdcmbEAT%2F7%2BnX%2BqHwVs8nkiRYjrCm4XwuibIrTnC%2BvQjm%2BBwx3Zf3yUcpLS2SFMghS09mlYuJ4ugnnX49UA%3D\"}]}\r\ncf-ray: a14dcfa80f3423eb-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":510091,"size_decoded":146116,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (52873)","md5":"c423257ce6bde1851c335e8f8f4e9bb2","sha1":"034de0a189bd5e766accc1122ab3a53d53c23cc4","sha256":"0656b912a5893ab56c590ef7e1edd2c9ae57bbff18b30a300cdd66f3f1486708","sha512":"a21bcd7fbf9351dd93a98f4d5d170224d0e7df81cba9da8da1c2cb354257c38d188c1f3c34d929c9783f5cc1389c0e720d268d357efba89a99a3980c48c463d5","ssdeep":"6144:LFQUPEz0+19zXEVy61LLeMP5mqNFPyF2pH7w2nXrPO0s:ZQUPEQSzXEVy61LLn5/CSbHbPO0s","tlshash":"22b43ba97356b13647eba1e850ab1402f37d9928900c84acf79dc4ea3de4d4950bbf3d","first_seen":"2025-09-21T16:18:40.255776Z","last_seen":"2026-07-02T12:57:10.925076Z","times_seen":117,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"defendercontrol.app/images/icon.ico","fqdn":"defendercontrol.app","domain":"defendercontrol.app","tld":"app"},"ip":{"addr":"172.67.159.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://defendercontrol.app/","date":"2026-07-02T12:56:33.664Z","timestamp":1782996993664,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"defendercontrol.app","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 25 May 2026 16:44:24 GMT","end":"Sun, 23 Aug 2026 16:44:23 GMT"},"fingerprint":{"sha1":"91:F7:04:92:E9:FB:9A:DA:8C:D3:A7:04:FE:C6:F7:43:1A:94:CC:30","sha256":"2C:C9:58:3D:8D:32:E9:5F:2E:2B:97:56:64:31:4F:ED:06:63:C2:44:5E:2B:A9:F9:87:D3:75:88:60:BA:26:AF"}}},"request":{"raw":"GET /images/icon.ico HTTP/1.1\r\nHost: defendercontrol.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://defendercontrol.app/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:56:33 GMT\r\ncontent-type: image/x-icon\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=j1ajShUSPrRDAW0LHaSjHAYSFgkeJZEUQbYECrtNjlJsL4pDhb1Ve8aw1jxEYyBKOJFyBUEqhon0C2tL%2BTjBUgxyOg8t6h97kGth6UkGNbtTpgmu8fc5ekm5guzJ5TGVrFoCYQhq\"}]}\r\nlast-modified: Mon, 27 Apr 2026 06:16:20 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=31536000\r\npriority: u=6,i=?0\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: zstd\r\netag: W/\"69eeff34-10be\"\r\ncf-ray: a14dcfaa7b0c56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4286,"size_decoded":3541,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel","md5":"9006cee6237caad32f11c80c55be3ea9","sha1":"d9a48c4281ce1b4a743aa606d65f37d8a02262f3","sha256":"bd9c727ff09f0b53d553b7cd4cf329a1f036aa5e90b43261e080be0373ead535","sha512":"e54d09a5b0201c9275cfb8c2c35af2fe0387d9d453a1e76e95e48946f268035901fa117914051b98abe445e5199ab8dbb09ce2f1767009f1950b7c9421ec2555","ssdeep":"96:rETmUx+1gGt64u0ApQ7Rxla3bpjI3umUgOmREbAuRULfc:rE7x+1x64u0Ape6rFI3umUgJREbAJ","tlshash":"9391a69599423c34ef08773241db1934113a7e29faffa63f6315b61166b74d24064739","first_seen":"2026-07-02T12:57:10.922479Z","last_seen":"2026-07-02T12:58:13.077518Z","times_seen":3,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-JS4ZXQBTS7","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.40","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://defendercontrol.app/","date":"2026-07-02T12:56:33.153Z","timestamp":1782996993153,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Jun 2026 08:39:04 GMT","end":"Mon, 07 Sep 2026 08:39:03 GMT"},"fingerprint":{"sha1":"6D:E4:85:F4:01:A4:0B:02:E0:64:E2:F2:58:93:6D:3F:4C:AB:30:9D","sha256":"4A:07:79:34:AC:03:17:68:07:4A:CB:68:23:A7:E3:14:B2:DE:22:3C:E1:AE:8D:F5:2F:2E:2D:C6:28:58:47:CE"}}},"request":{"raw":"GET /gtag/js?id=G-JS4ZXQBTS7 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://defendercontrol.app/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: zstd\r\nvary: Accept-Encoding\r\ndate: Thu, 02 Jul 2026 12:56:33 GMT\r\nexpires: Thu, 02 Jul 2026 12:56:33 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 165030\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":485324,"size_decoded":165634,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6033)","md5":"1dfd08343c6bc225ebeb18df2596ee26","sha1":"d5e5b93b350c4de68ffc6f57d3c13b99dc22346a","sha256":"9d6d6bb585cae7ed065340a7c176cdbf1a91d6fcab14063c2e0d860740b539e1","sha512":"6d2a7ac411eeb55f8ef75c1e5c9548e0d703062dd32f412ecc71f48636462e08018e6484b0607c2ce375dc292e14339ce4438c30157407bbfcc08b9b53aa435c","ssdeep":"6144:n3xzoZP0h7MP/GCvol1+exYazU06cwa6GKKnsxgP7f2i0Z4ymX6:3xzv7g1K+ezf2ik26","tlshash":"8aa4f9cdb3d674265396f478903f018ba57b28a2b44cc899f189cce42e7465a8277f7c","first_seen":"2026-07-02T12:57:10.925675Z","last_seen":"2026-07-02T12:57:10.925675Z","times_seen":1,"resource_available":true,"data":null}},"time_used":138,"timings":{"blocked":-1,"dns":3,"connect":14,"send":0,"wait":43,"receive":45,"ssl":32},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.tailwindcss.com/?plugins=forms,typography","fqdn":"cdn.tailwindcss.com","domain":"tailwindcss.com","tld":"com"},"ip":{"addr":"104.26.3.143","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://defendercontrol.app/","date":"2026-07-02T12:56:33.155Z","timestamp":1782996993155,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"tailwindcss.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 19 May 2026 14:31:45 GMT","end":"Mon, 17 Aug 2026 15:31:39 GMT"},"fingerprint":{"sha1":"B6:67:6F:5A:BE:B9:2A:B2:16:10:49:96:1E:1F:99:2B:44:AF:EA:A6","sha256":"63:A9:BF:FB:46:E0:B8:37:95:77:F3:63:84:AE:78:22:46:11:85:5E:DF:87:F6:4B:EF:F2:2E:24:D5:74:70:39"}}},"request":{"raw":"GET /?plugins=forms,typography HTTP/1.1\r\nHost: cdn.tailwindcss.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://defendercontrol.app/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 \r\ndate: Thu, 02 Jul 2026 12:56:33 GMT\r\ncache-control: max-age=14400\r\nlocation: /3.4.17?plugins=forms@0.5.10,typography@0.5.16\r\nserver: cloudflare\r\nstrict-transport-security: max-age=63072000\r\nx-vercel-cache: MISS\r\nx-vercel-id: fra1::iad1::tn2dc-1782996684875-ff135246e3e6\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 308\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4slkcKkvl%2FLI68llIuCl8r1%2BMyXro4sDhunx5qPMZVXzynJewZS8VhlNTugsqLaXTtJPjAABF4odJ4mkWyK97N%2B60GnGi%2FOoSVVeFcpr5%2BM9EJHumYkrJ5Ws9FapffBIVZSV2NI%3D\"}]}\r\ncf-ray: a14dcfa74c9023eb-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"","fingerprints":[{"name":"Vercel","description":"Vercel is a cloud platform for static frontends and serverless functions.","website":"https://vercel.com","common_platform_enumeration":"","icon":"vercel.svg","categories":["PaaS"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-07-02T18:08:25.04006Z","times_seen":16919242,"resource_available":true,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":1,"send":0,"wait":7,"receive":0,"ssl":11},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"defendercontrol.app/images/icon.ico","fqdn":"defendercontrol.app","domain":"defendercontrol.app","tld":"app"},"ip":{"addr":"172.67.159.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://defendercontrol.app/","date":"2026-07-02T12:56:33.662Z","timestamp":1782996993662,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"defendercontrol.app","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 25 May 2026 16:44:24 GMT","end":"Sun, 23 Aug 2026 16:44:23 GMT"},"fingerprint":{"sha1":"91:F7:04:92:E9:FB:9A:DA:8C:D3:A7:04:FE:C6:F7:43:1A:94:CC:30","sha256":"2C:C9:58:3D:8D:32:E9:5F:2E:2B:97:56:64:31:4F:ED:06:63:C2:44:5E:2B:A9:F9:87:D3:75:88:60:BA:26:AF"}}},"request":{"raw":"GET /images/icon.ico HTTP/1.1\r\nHost: defendercontrol.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://defendercontrol.app/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:56:33 GMT\r\ncontent-type: image/x-icon\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=V9Z5FXrEA%2FAyyKsDWJNv%2FLDy8doQu2OTQwKnZbUkfxq5L%2B9l6PjAcsbhVVid1SehLQZM5%2B0nzq3H0KzGk9etWRmLXj%2BFTabJwlezMDT5nv34ox4nRmfDwXTVB6lJpjS3pUZeW%2BH4\"}]}\r\nlast-modified: Mon, 27 Apr 2026 06:16:20 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nstrict-transport-security: max-age=31536000\r\npriority: u=6,i=?0\r\nage: 0\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\ncontent-encoding: zstd\r\netag: W/\"69eeff34-10be\"\r\ncf-ray: a14dcfaa6b0b56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4286,"size_decoded":3551,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 32x32, 32 bits/pixel","md5":"9006cee6237caad32f11c80c55be3ea9","sha1":"d9a48c4281ce1b4a743aa606d65f37d8a02262f3","sha256":"bd9c727ff09f0b53d553b7cd4cf329a1f036aa5e90b43261e080be0373ead535","sha512":"e54d09a5b0201c9275cfb8c2c35af2fe0387d9d453a1e76e95e48946f268035901fa117914051b98abe445e5199ab8dbb09ce2f1767009f1950b7c9421ec2555","ssdeep":"96:rETmUx+1gGt64u0ApQ7Rxla3bpjI3umUgOmREbAuRULfc:rE7x+1x64u0Ape6rFI3umUgJREbAJ","tlshash":"9391a69599423c34ef08773241db1934113a7e29faffa63f6315b61166b74d24064739","first_seen":"2026-07-02T12:57:10.922479Z","last_seen":"2026-07-02T12:58:13.077518Z","times_seen":3,"resource_available":false,"data":null}},"time_used":14,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/spacegrotesk/v22/V8mDoQDjQSkFtoMM3T6r8E7mPbF4Cw.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://defendercontrol.app/","date":"2026-07-02T12:56:34.260Z","timestamp":1782996994260,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Jun 2026 08:41:01 GMT","end":"Mon, 07 Sep 2026 08:41:00 GMT"},"fingerprint":{"sha1":"01:31:A1:A6:4F:08:45:E1:F0:0B:CE:B1:B8:D8:61:D7:D1:70:ED:6F","sha256":"29:C5:5D:01:47:6E:72:F7:2C:CC:0B:96:BB:67:BA:39:CC:03:11:EB:7B:47:F5:3F:CC:DE:12:AC:68:07:A1:BA"}}},"request":{"raw":"GET /s/spacegrotesk/v22/V8mDoQDjQSkFtoMM3T6r8E7mPbF4Cw.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: identity\r\nOrigin: https://defendercontrol.app\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=5\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 22288\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sun, 28 Jun 2026 10:40:20 GMT\r\nexpires: Mon, 28 Jun 2027 10:40:20 GMT\r\ncache-control: public, max-age=31536000\r\nage: 353774\r\nlast-modified: Thu, 04 Sep 2025 17:26:34 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":null,"data":{"size":22288,"size_decoded":23101,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 22288, version 1.0","md5":"87c506d88b9f587f0e2292bc271f5083","sha1":"c0781ea2f29013826dc1eb8db40f4d400d9df710","sha256":"0640890476fc1198ab4de571fb658de443c4d85b66466ec09534a8737ab1ce9d","sha512":"25171eb14ce4c75ccfdb6f1c2a7de82182fd8d3d79cfa108df2d0e015e4ac84678ad97fdf90cff2ac2f24934531fcca3289343129687f176f21964ce5cd01b02","ssdeep":"384:TB/NWnO5qgQvU7gd7EeEX5qPOJO4FqaCEuAsCyzvDfxPdjuHsrC:TBlo1vUsvZqO4MAsCKrxxuMrC","tlshash":"8aa2e15b3f6bde211a27aebf4fc957b0a3ac6c1db2dd2712c198b104408962cc5d5ce6","first_seen":"2025-09-05T05:08:09.568652Z","last_seen":"2026-07-02T18:24:29.990856Z","times_seen":21318,"resource_available":false,"data":null}},"time_used":53,"timings":{"blocked":-1,"dns":0,"connect":29,"send":0,"wait":17,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"defendercontrol.app/images/windows_defender_is_turned_off.png","fqdn":"defendercontrol.app","domain":"defendercontrol.app","tld":"app"},"ip":{"addr":"172.67.159.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://defendercontrol.app/","date":"2026-07-02T12:56:34.264Z","timestamp":1782996994264,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"defendercontrol.app","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 25 May 2026 16:44:24 GMT","end":"Sun, 23 Aug 2026 16:44:23 GMT"},"fingerprint":{"sha1":"91:F7:04:92:E9:FB:9A:DA:8C:D3:A7:04:FE:C6:F7:43:1A:94:CC:30","sha256":"2C:C9:58:3D:8D:32:E9:5F:2E:2B:97:56:64:31:4F:ED:06:63:C2:44:5E:2B:A9:F9:87:D3:75:88:60:BA:26:AF"}}},"request":{"raw":"GET /images/windows_defender_is_turned_off.png HTTP/1.1\r\nHost: defendercontrol.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://defendercontrol.app/\r\nCookie: _ga_JS4ZXQBTS7=GS2.1.s1782996994$o1$g0$t1782996994$j60$l0$h0; _ga=GA1.1.1527013630.1782996994\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:56:34 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 27 Apr 2026 06:16:20 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69eeff34-28a0\"\r\nexpires: Sat, 01 Aug 2026 12:56:34 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3fS2BUY1ZNdhHEqD%2FQJ%2B9dNbkkdkIJwRWzyKFGO2EXaq5Ahq1pQB2MP%2BVjRB20fGYPjFN8JCUudbVBwfpjnYAgcFVsZ5sFLyQaEEUXyue5kJCE0kyB2T8VH%2FbAsbPfcMzJl%2By4Ll\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\ncf-ray: a14dcfae2b2056b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10400,"size_decoded":10838,"mime_type":"image/png","magic":"PNG image data, 402 x 177, 8-bit/color RGB, non-interlaced","md5":"b22486d69f97c0183d06eb1c77062749","sha1":"62e6951948c4a293917c9a067151205f19f3fae2","sha256":"7e6f8374c89877a5c95f5fbf28fb83fcb753cd18521b386cb5c08a2c06ef7496","sha512":"273eaa0239b4e67b6129c0dd271c9d59af0478f662fd6032b4f92949452e1f2cd43e76873fa8d62a24c4844e03ad1d8462ff1f8c988664c710aa5bca59e97352","ssdeep":"192:pg0blQovkar5IPgSvivC07X1XzODsvDG5qFXtkHFF0iG:u0O1eyL4ZQs3tklF0iG","tlshash":"af22bf5d4f412c23b53de9c94ab97831faaf4c34ab6810af3905a591382077fd42ec8a","first_seen":"2026-07-02T12:57:10.928001Z","last_seen":"2026-07-02T12:58:13.091316Z","times_seen":2,"resource_available":false,"data":null}},"time_used":125,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":125,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"defendercontrol.app/assets/js/main.js","fqdn":"defendercontrol.app","domain":"defendercontrol.app","tld":"app"},"ip":{"addr":"172.67.159.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://defendercontrol.app/","date":"2026-07-02T12:56:33.237Z","timestamp":1782996993237,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"defendercontrol.app","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 25 May 2026 16:44:24 GMT","end":"Sun, 23 Aug 2026 16:44:23 GMT"},"fingerprint":{"sha1":"91:F7:04:92:E9:FB:9A:DA:8C:D3:A7:04:FE:C6:F7:43:1A:94:CC:30","sha256":"2C:C9:58:3D:8D:32:E9:5F:2E:2B:97:56:64:31:4F:ED:06:63:C2:44:5E:2B:A9:F9:87:D3:75:88:60:BA:26:AF"}}},"request":{"raw":"GET /assets/js/main.js HTTP/1.1\r\nHost: defendercontrol.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://defendercontrol.app/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:56:33 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Mon, 27 Apr 2026 06:16:20 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69eeff34-4753\"\r\nexpires: Fri, 03 Jul 2026 00:56:33 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=pYBfz9rwpAN27UK%2FmOf4bYd%2FUgAKqXirL%2BcKO3rHyI4eM0jjxn0cOFYqtm1fKCv0ORjKzWT9G82BdrocEnn3%2B5KIJTHkb6KyNx0nt5iorUYNLzp9eEHBRYQMPP1w0cXKBcGi8D5p\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=3,i=?0\r\ncf-ray: a14dcfa7baf756b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":18259,"size_decoded":5478,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text, with CRLF line terminators","md5":"80a525e97c8e254d79528cebe508059c","sha1":"f02d9583605e7372f359fb3e36dc89ab503bc220","sha256":"e060a8e765046f9b96355c64c2db20f702afb1096cd8550dc4d07350d5d6f22f","sha512":"933858eef550c8f483d7fc5c18c7155017fa4bf027c700bd1a2845fed38d34bca8e9d2ede683f3d8eb6c3a467e302388cfaff208656f89a1aacf210a96db0dd9","ssdeep":"384:qou1j1QD/xVtNRNDSvFjOr4drUZ+XqJ6K0mclidwLf2:qoKyD/hwfXqJ6KLIiKS","tlshash":"a582fa5e6025203384b3737a6767950dfe36016bb502e90abeac8b442fb1d541ae3fdc","first_seen":"2026-07-02T12:57:10.929441Z","last_seen":"2026-07-02T12:57:10.929441Z","times_seen":1,"resource_available":true,"data":null}},"time_used":139,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":139,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"defendercontrol.app/images/windows_defender_is_running.png","fqdn":"defendercontrol.app","domain":"defendercontrol.app","tld":"app"},"ip":{"addr":"172.67.159.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://defendercontrol.app/","date":"2026-07-02T12:56:34.262Z","timestamp":1782996994262,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"defendercontrol.app","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 25 May 2026 16:44:24 GMT","end":"Sun, 23 Aug 2026 16:44:23 GMT"},"fingerprint":{"sha1":"91:F7:04:92:E9:FB:9A:DA:8C:D3:A7:04:FE:C6:F7:43:1A:94:CC:30","sha256":"2C:C9:58:3D:8D:32:E9:5F:2E:2B:97:56:64:31:4F:ED:06:63:C2:44:5E:2B:A9:F9:87:D3:75:88:60:BA:26:AF"}}},"request":{"raw":"GET /images/windows_defender_is_running.png HTTP/1.1\r\nHost: defendercontrol.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://defendercontrol.app/\r\nCookie: _ga_JS4ZXQBTS7=GS2.1.s1782996994$o1$g0$t1782996994$j60$l0$h0; _ga=GA1.1.1527013630.1782996994\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:56:34 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 27 Apr 2026 06:16:20 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69eeff34-274b\"\r\nexpires: Sat, 01 Aug 2026 12:56:34 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xN1HAwPRofvcOVDgB8cHAOalD1hySEdtWajyJ2naQ%2BIZ3HJgC5GzXo6KW3BrWMxxhqZjAALn%2FMFo59SsxdniVSxb5Aq%2FaQysIBt1OM9fn6frJsp3avoJyBisqp3Ts9zQDauqcFWh\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\ncf-ray: a14dcfae2b1f56b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10059,"size_decoded":10519,"mime_type":"image/png","magic":"PNG image data, 402 x 177, 8-bit/color RGB, non-interlaced","md5":"df95890be8d535fbba02885dfa53108e","sha1":"a8dafeb44c6ef85a351da45aab4d882d6e268397","sha256":"e00d180cc5fba0cbff456e87ebac076974161df9337ae11da168d5f2365b2e0b","sha512":"0217d6235253b1b8792090de1cc91c6feca67706cd00745cb8bc7eea6f3cc1bc000dc1f8c5756a51c6b804a9a229f78d09a7b171b68252589a7ec9275b713cd1","ssdeep":"192:pxc57s4iHamiS2rGbm8RjXQZXRGlWkd5DBGSfrLiNxniQlL4auOG30cn:shC6SQZXRGQkNfPiNx/lL0OGjn","tlshash":"9122ce88fffdd6c2e31d858798fbf60c2d1218888fd3e8956949706b2a301a8057ed09","first_seen":"2026-07-02T12:57:10.931573Z","last_seen":"2026-07-02T12:58:13.088587Z","times_seen":2,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":46,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"defendercontrol.app/images/defender_can_not_be_started.png","fqdn":"defendercontrol.app","domain":"defendercontrol.app","tld":"app"},"ip":{"addr":"172.67.159.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://defendercontrol.app/","date":"2026-07-02T12:56:34.345Z","timestamp":1782996994345,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"defendercontrol.app","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 25 May 2026 16:44:24 GMT","end":"Sun, 23 Aug 2026 16:44:23 GMT"},"fingerprint":{"sha1":"91:F7:04:92:E9:FB:9A:DA:8C:D3:A7:04:FE:C6:F7:43:1A:94:CC:30","sha256":"2C:C9:58:3D:8D:32:E9:5F:2E:2B:97:56:64:31:4F:ED:06:63:C2:44:5E:2B:A9:F9:87:D3:75:88:60:BA:26:AF"}}},"request":{"raw":"GET /images/defender_can_not_be_started.png HTTP/1.1\r\nHost: defendercontrol.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://defendercontrol.app/\r\nCookie: _ga_JS4ZXQBTS7=GS2.1.s1782996994$o1$g0$t1782996994$j60$l0$h0; _ga=GA1.1.1527013630.1782996994\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:56:34 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 27 Apr 2026 06:16:20 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69eeff34-25ab\"\r\nexpires: Sat, 01 Aug 2026 12:56:34 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IBERF%2BZ5olfFVGKu%2By%2FzyeVqqkZvD%2FvFrI%2B01hhK%2F4hW3WomWytE4XyZ9OeHhmlmCq0jEVCmFWGzxtG949mOCiQq4ow4MCMu61yu%2BwVtqThUGIDau%2BmXpDBdLi4iwR60IdlJg%2FlP\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\ncf-ray: a14dcfaeab2556b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":9643,"size_decoded":10117,"mime_type":"image/png","magic":"PNG image data, 402 x 177, 8-bit/color RGB, non-interlaced","md5":"b6a42cb8f9b4337aa597707ba8fda164","sha1":"cf83f2338f9c00818be329e0a1070cd3b7cec659","sha256":"d6c17c8a5a43ceb476e724154f72b6aebfc2615acd9ccf4b286646c1409cc3e9","sha512":"0a06d511e23c167c88ccfa779338fc517837c8ee9e7f057bf69ca627e932af61ce1499f30e14fa44fe6a1efdcaaa00407830a0c3978fc4cfbe4eb4ef695aa53c","ssdeep":"192:ptncHz7Ezr1ikBHfH+u4nabUhIulorAmg57JJBwc:IwzhikJeabtuloUmy7JJz","tlshash":"cf129f04b3c44b66e1d951b0d8eb84326e534ae1c4b97ce506d998e7cff43763a09e83","first_seen":"2026-07-02T12:57:10.932783Z","last_seen":"2026-07-02T12:58:13.099797Z","times_seen":2,"resource_available":false,"data":null}},"time_used":142,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":142,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"defendercontrol.app/assets/css/styles.css","fqdn":"defendercontrol.app","domain":"defendercontrol.app","tld":"app"},"ip":{"addr":"172.67.159.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://defendercontrol.app/","date":"2026-07-02T12:56:33.157Z","timestamp":1782996993157,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"defendercontrol.app","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 25 May 2026 16:44:24 GMT","end":"Sun, 23 Aug 2026 16:44:23 GMT"},"fingerprint":{"sha1":"91:F7:04:92:E9:FB:9A:DA:8C:D3:A7:04:FE:C6:F7:43:1A:94:CC:30","sha256":"2C:C9:58:3D:8D:32:E9:5F:2E:2B:97:56:64:31:4F:ED:06:63:C2:44:5E:2B:A9:F9:87:D3:75:88:60:BA:26:AF"}}},"request":{"raw":"GET /assets/css/styles.css HTTP/1.1\r\nHost: defendercontrol.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://defendercontrol.app/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=2\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:56:33 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 27 Apr 2026 06:16:20 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69eeff34-2d21\"\r\nexpires: Fri, 03 Jul 2026 00:56:33 GMT\r\ncache-control: max-age=43200\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=P46R84FdtkR6vTPETcWJq7o8fKboqXd0QYWlNBp5wGqvg%2FdcsyobSlJwgVf%2FU6msrftp6cGZDeTK7yVhnLAG636cqXfDPRhQfiD4800SeyiFf3CEU1Fzkw3Tn1b5ckkvpaozRLSb\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=2,i=?0\r\ncf-ray: a14dcfa73ae156b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":11553,"size_decoded":3919,"mime_type":"text/css","magic":"assembler source, Unicode text, UTF-8 text, with CRLF line terminators","md5":"ef660968f97d91466c8ddbe919bf9087","sha1":"44f30044da1ea00a344b4f2f614c3480d6bed022","sha256":"c96431312513b7c431e5e17d54618e655b0263af1b3b82375bd2c939b116db86","sha512":"0024ccc9bd3c30411bceebb95cd137018b60468504a6274bd84020f1dc22035baeffcc89521f726f71ad1b8003006216a4cb7ecdba49e91085eddd87db90cb0a","ssdeep":"192:lu11EEZSOroEIafL4dcHdeDNdTA6ODHepeJnxu2UJ6iiJOXfc:loSc8/cU3J0","tlshash":"dd32636dd64135423237dbb4ab728618ffb99027de02077c7bed72600fb61b85522e68","first_seen":"2026-07-02T12:57:10.934429Z","last_seen":"2026-07-02T12:57:10.934429Z","times_seen":1,"resource_available":false,"data":null}},"time_used":163,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":163,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700\u0026family=Space+Grotesk:wght@500;600\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://defendercontrol.app/","date":"2026-07-02T12:56:33.247Z","timestamp":1782996993247,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 15 Jun 2026 08:41:02 GMT","end":"Mon, 07 Sep 2026 08:41:01 GMT"},"fingerprint":{"sha1":"FD:DA:E1:3E:1F:AC:E0:96:14:ED:37:58:30:0F:ED:9D:B4:5E:F1:EF","sha256":"7D:36:0C:A4:14:F6:05:8D:F4:E1:CD:BF:84:A7:03:AD:3F:C4:93:AE:B3:D6:7E:99:CB:92:D7:1F:29:A1:49:A4"}}},"request":{"raw":"GET /css2?family=Inter:wght@400;500;600;700\u0026family=Space+Grotesk:wght@500;600\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-Fetch-Storage-Access: none\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://defendercontrol.app/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPriority: u=6\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 \r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Thu, 02 Jul 2026 12:56:33 GMT\r\ndate: Thu, 02 Jul 2026 12:56:33 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12684,"size_decoded":1543,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"4f09115d34456881a81b34be41a89a1e","sha1":"ba3fdf5ac8fa29b290e8bfdc25a9c3d69d85da3c","sha256":"458330ffe4ad1e8e59318f89d3c61bc02aeede687fca770289b3925e6b58de72","sha512":"f5e15fc0e9d10b5b2ccb4f6eb971293869e4c4e05a7aa2f245521d96253fdc6ee5fdecbba81a35c13dc555f0249cdc338ff90bc516e4f2ab9555bfd515f71fe0","ssdeep":"192:9NNIxO34OxDENOPCO3/Nx8NNryfO3iExlONEhYO3RrxGqC4GRZfRG4W:vXuM0p2+/ge","tlshash":"3a42aa92002ba500ab971dc233cf7f3aae8e50896085d5796ffd0cc59cded66436876d","first_seen":"2025-10-30T17:41:43.802938Z","last_seen":"2026-07-02T12:57:10.935793Z","times_seen":4,"resource_available":false,"data":null}},"time_used":88,"timings":{"blocked":-1,"dns":0,"connect":24,"send":0,"wait":34,"receive":0,"ssl":30},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"defendercontrol.app/images/add_defendercontrol_to_exclusion_list.png","fqdn":"defendercontrol.app","domain":"defendercontrol.app","tld":"app"},"ip":{"addr":"172.67.159.112","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"lazy-img","requested_by":"https://defendercontrol.app/","date":"2026-07-02T12:56:34.347Z","timestamp":1782996994347,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"mlkem768x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"defendercontrol.app","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 25 May 2026 16:44:24 GMT","end":"Sun, 23 Aug 2026 16:44:23 GMT"},"fingerprint":{"sha1":"91:F7:04:92:E9:FB:9A:DA:8C:D3:A7:04:FE:C6:F7:43:1A:94:CC:30","sha256":"2C:C9:58:3D:8D:32:E9:5F:2E:2B:97:56:64:31:4F:ED:06:63:C2:44:5E:2B:A9:F9:87:D3:75:88:60:BA:26:AF"}}},"request":{"raw":"GET /images/add_defendercontrol_to_exclusion_list.png HTTP/1.1\r\nHost: defendercontrol.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,image/png,image/svg+xml,image/*;q=0.8,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.9\r\nAccept-Encoding: gzip, deflate, br, zstd\r\nSec-GPC: 1\r\nConnection: keep-alive\r\nReferer: https://defendercontrol.app/\r\nCookie: _ga_JS4ZXQBTS7=GS2.1.s1782996994$o1$g0$t1782996994$j60$l0$h0; _ga=GA1.1.1527013630.1782996994\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPriority: u=4, i\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 \r\nserver: cloudflare\r\ndate: Thu, 02 Jul 2026 12:56:34 GMT\r\ncontent-type: image/png\r\nlast-modified: Mon, 27 Apr 2026 06:16:20 GMT\r\nvary: Accept-Encoding\r\netag: W/\"69eeff34-5601\"\r\nexpires: Sat, 01 Aug 2026 12:56:34 GMT\r\ncache-control: max-age=2592000\r\nstrict-transport-security: max-age=31536000\r\ncontent-encoding: gzip\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iw5uxF4WzNgmwfsjgDrDlV5xtd6xPbkBraQjncoNBj%2BjApcsScYU6L6xmB8W%2FS5sKbs24eUM3XhhgetjOTHactM1PYseskcbbgh9322WPRCtYeWXBNJqM51oN47yDvD2RNMDV9%2Fs\"}]}\r\ncf-cache-status: MISS\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\npriority: u=4,i\r\ncf-ray: a14dcfaeab2656b9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":22017,"size_decoded":21341,"mime_type":"image/png","magic":"PNG image data, 599 x 515, 8-bit/color RGB, non-interlaced","md5":"d9be6fdae4d1a13f3c4ea64fae20e26d","sha1":"7aea7b6ca40573e8387d71a05bb5e26aa2cd7bb1","sha256":"bb89ca13f37802adce06d5653431f60c97fb50e4212dcd1464cc2777e3229d35","sha512":"de4d54c3a38125c0960e8ebb2149658d22aced092e2efeffbb0fa3f8156b17300ff6348800bbd72ca93a33be7f44769849053a05ca41ff2b528bbd7a1535b99a","ssdeep":"384:pEfHnI9S2lcRYFP82UsJ4YaYxeMXp7oq6CeQAFW:8HI97lcWFP8HMZaYxeMXlo2OE","tlshash":"bba2bf4db7c696e507a89f0ac4c7f5b31002c07dd76a9327d1860aa8515afe87cd83eb","first_seen":"2024-11-08T02:43:17.34198Z","last_seen":"2026-07-02T12:58:13.09245Z","times_seen":3,"resource_available":false,"data":null}},"time_used":183,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":181,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-07-02","alert":"Sinkholed","trigger":"defendercontrol.app","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}}]}
