{"report_id":"592bac82-d53e-4d76-8446-f13722199134","version":6,"status":"done","tags":[],"date":"2025-11-23T07:21:12Z","url":{"schema":"http","addr":"kedaibokep.com/tag/official1auraa/","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"172.67.149.44","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"kedaibokep.com/tag/official1auraa/","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"title":"Official1auraa Archives - Kedai Bokep","dom":{"size":67550,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"2c909ac8861e73787e8afbdc372630dc","sha1":"616ade16fa400dfd0c006295ecffba92b182d8eb","sha256":"c0d4c942d701776af166dcd3253dc9447ffc355038b2087db37ccb562653ec8a","sha512":"eef173ffc75f37c993259e03fa4e7a7d4387ddb1bb1d726c731b2f35cdfad0f0b60b89bb6eac5542c35323f8c3c70d5c07a2cf2dad3c528a7772ca8fb8033bb1","ssdeep":"1536:RpRp3itiBbObIHuHrFlF/FPF4WEZ2Ylso3M0+8n9:RpRp3itiBbObIHuHrFlF/FPF4WPo3M0F","tlshash":"2b63be5b2dd61150832a4279a3fe6f28661c85831c1bfcf9b3e5148d8f45a7c93ea21f","dom_hash":"domhash37fa84df85cae22f54658f4955cb225f","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"kedaibokep.com/tag/official1auraa/","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"172.67.149.44","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-28T07:21:12Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":42}},"detection":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"pl27982089.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"pl27982089.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"pl27982089.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"pl27982089.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare 
DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"pl27982090.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"pl27982090.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"pl27982090.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"pl27982090.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"pl27982080.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"pl27982080.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"pl27982080.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"pl27982080.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"cdn.storageimagedisplay.com","ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United 
States","country_code":"US"},"domain_registered":"2024-09-13","domain_rank":170153,"first_seen":"2024-09-13T12:56:32Z","last_seen":"2025-11-17T00:28:00.919789Z","alert_count":0,"request_count":18,"received_data":1231232,"sent_data":8758,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-11-16T22:13:25.532985Z","alert_count":0,"request_count":1,"received_data":17441,"sent_data":430,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"flushpersist.com","ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-07-01","domain_rank":23810,"first_seen":"2025-07-08T10:43:12.76905Z","last_seen":"2025-11-19T02:16:45.643485Z","alert_count":6,"request_count":2,"received_data":1060,"sent_data":1530,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that 
can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"pl27982090.effectivegatecpm.com","ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-10-07","domain_rank":0,"first_seen":"2025-11-23T07:21:14.742515Z","last_seen":"2025-11-23T07:21:14.742515Z","alert_count":4,"request_count":1,"received_data":44210,"sent_data":461,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United 
States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-11-16T22:13:25.550079Z","alert_count":0,"request_count":2,"received_data":81926,"sent_data":1098,"comment":"","tags":null,"fingerprints":null},{"fqdn":"foldingcutleryhelium.com","ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-11-10","domain_rank":0,"first_seen":"2025-11-22T09:35:24.932643Z","last_seen":"2025-11-22T09:35:24.932643Z","alert_count":138,"request_count":46,"received_data":198148,"sent_data":71080,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"creative-sb1.com","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-07-01","domain_rank":22211,"first_seen":"2025-08-08T09:32:32.509707Z","last_seen":"2025-11-17T08:28:43.475071Z","alert_count":21,"request_count":7,"received_data":249551,"sent_data":3161,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a 
web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"wayfarerorthodox.com","ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-03","domain_rank":0,"first_seen":"2025-08-08T11:06:50.216151Z","last_seen":"2025-11-17T11:05:45.168485Z","alert_count":8,"request_count":4,"received_data":21219,"sent_data":5797,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.highperformanceformat.com","ip":{"addr":"172.240.127.242","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"domain_registered":"2024-10-15","domain_rank":366864,"first_seen":"2024-10-23T18:32:34.138968Z","last_seen":"2025-11-17T15:15:53.232334Z","alert_count":20,"request_count":5,"received_data":236899,"sent_data":2295,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"preferencenail.com","ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":20606,"first_seen":"2025-07-08T12:55:47.271261Z","last_seen":"2025-11-19T07:32:15.648628Z","alert_count":6,"request_count":2,"received_data":171912,"sent_data":824,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be 
accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"kettledroopingcontinuation.com","ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-01","domain_rank":196057,"first_seen":"2025-07-30T15:18:19.355595Z","last_seen":"2025-11-17T02:39:22.98707Z","alert_count":85,"request_count":17,"received_data":63060,"sent_data":28166,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"protrafficinspector.com","ip":{"addr":"3.125.70.62","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2025-06-18","domain_rank":614186,"first_seen":"2025-07-25T22:45:21.95813Z","last_seen":"2025-11-18T17:36:30.087644Z","alert_count":0,"request_count":3,"received_data":1269,"sent_data":1332,"comment":"","tags":null,"fingerprints":null},{"fqdn":"sourshaped.com","ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"domain_registered":"2024-09-03","domain_rank":0,"first_seen":"2025-10-06T14:35:38.581947Z","last_seen":"2025-11-21T12:44:25.979418Z","alert_count":20,"request_count":10,"received_data":51072,"sent_data":12562,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"pl27982080.effectivegatecpm.com","ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-10-07","domain_rank":0,"first_seen":"2025-11-23T07:21:14.748671Z","last_seen":"2025-11-23T07:21:14.748671Z","alert_count":4,"request_count":1,"received_data":107425,"sent_data":463,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed 
using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"cdn.show-creative1.com","ip":{"addr":"104.21.15.229","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-08-20","domain_rank":392451,"first_seen":"2024-08-27T12:23:01Z","last_seen":"2025-11-22T01:37:37.024626Z","alert_count":0,"request_count":1,"received_data":2268,"sent_data":480,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"weirdopt.com","ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":37519,"first_seen":"2025-07-08T12:55:47.272157Z","last_seen":"2025-11-19T14:00:05.408664Z","alert_count":4,"request_count":1,"received_data":377,"sent_data":417,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx 
is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"kedaibokep.com","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":47,"request_count":47,"received_data":1265689,"sent_data":29360,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Redis Object Cache","description":"","website":"https://wprediscache.com","common_platform_enumeration":"","icon":"RedisObjectCache.svg","categories":["Caching"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"bxSlider:4.2.15","description":"Add a responsive image slider to any website.","website":"https://bxslider.com/","common_platform_enumeration":"","icon":"bxSlider.png","categories":["Photo galleries","JavaScript libraries"]},{"name":"Redis","description":"Redis is an in-memory data structure project implementing a distributed, in-memory key–value database with optional durability. 
Redis supports different kinds of abstract data structures, such as strings, lists, maps, sets, sorted sets, HyperLogLogs, bitmaps, streams, and spatial indexes.","website":"https://redis.io","common_platform_enumeration":"cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*","icon":"Redis.svg","categories":["Databases"]},{"name":"jQuery Migrate:3.4.1","description":"jQuery Migrate is a JavaScript library that allows you to preserve the compatibility of your jQuery code developed for versions of jQuery older than 1.9.","website":"https://github.com/jquery/jquery-migrate","common_platform_enumeration":"","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Site Kit:1.166.0","description":"Site Kit is a one-stop solution for WordPress users to use everything Google has to offer to make them successful on the web.","website":"https://sitekit.withgoogle.com/","common_platform_enumeration":"","icon":"Google.svg","categories":["Analytics","WordPress plugins"]},{"name":"Yoast SEO Premium:26.3","description":"Yoast SEO Premium is a search engine optimisation plugin for WordPress and other platforms.","website":"https://yoast.com/wordpress/plugins/seo/","common_platform_enumeration":"","icon":"Yoast SEO.png","categories":["SEO"]},{"name":"WPMU DEV Smush:3.22.3","description":"WPMU DEV Smush is a WordPress plugin that allows you to optimise images without losing quality.","website":"https://wpmudev.com/project/wp-smush-pro","common_platform_enumeration":"","icon":"WPMU DEV.png","categories":["WordPress plugins"]},{"name":"WordPress:6.8.3","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. 
Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"Yoast SEO:26.4","description":"Yoast SEO is a search engine optimisation plugin for WordPress and other platforms.","website":"https://yoast.com/wordpress/plugins/seo/","common_platform_enumeration":"","icon":"Yoast SEO.png","categories":["SEO","WordPress plugins"]}]},{"fqdn":"pl27982089.effectivegatecpm.com","ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-10-07","domain_rank":0,"first_seen":"2025-11-23T07:21:14.741315Z","last_seen":"2025-11-23T07:21:14.741315Z","alert_count":4,"request_count":1,"received_data":82438,"sent_data":463,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.74.136","port":443,"asn":15169,"as":"GOOGLE","country":"United 
States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2025-11-16T22:16:03.162694Z","alert_count":0,"request_count":1,"received_data":431472,"sent_data":434,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"s.w.org","ip":{"addr":"192.0.77.48","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United States","country_code":"US"},"domain_registered":"1993-12-01","domain_rank":27695,"first_seen":"2017-01-30T04:56:16Z","last_seen":"2025-11-16T23:06:27.075537Z","alert_count":0,"request_count":1,"received_data":1029,"sent_data":454,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"6c42d00970838a6d1bcd6416a09c4f82","sha1":"6c5cb23a550f8c10ea75da95737fb11b5ab61bef","sha256":"747f3f3b678868f661165fa6943a41d73871aa5e4dbc8ff3a44aafa7d1aeb0d4","sha512":"01c9e1ae0ec239fa4e30df706e8ca294fd626e76ef41f344567276ad959c3d8297ba2893a9c85752fcb7ebb61989946c28be1d7382a66a072b1537c790da603d","ssdeep":"","tlshash":"4331e53629423370ef82e5e2e90fe51b7ea073086c498f85c83e7bdb0e558c4225b84c","size":1804,"data":"","first_seen":"2025-11-23T07:21:30.215033Z","last_seen":"2025-11-23T07:21:30.215033Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"338b98b807402e5121fbce4193f768f1","sha1":"fc627215fcacc5b8fa3c49442bfa80bb8a314f3c","sha256":"4ae9ccffda91e7f3b3dd8be61068e88047f848d2ac9cd7c8cd46da3dc3e52de8","sha512":"90935de595a86a37f34cd29cfd934604dfdc5d6592913e8ef47198c46076932ea552e184c11aa3bf2866ee43f326e65825f93302a81234a8b9b660b4081d7440","ssdeep":"96:Kozy/o5sCGLn9XiwsKqqj/eDk/EvW6a75l7f+F1jD2CfMEDaH:nznslLnIvKX/akMvW6ar+/v2CkCaH","tlshash":"36913a717ce9aa326997a05b133be5583da7411b1d44dc03bd1cd6031b90fa28faed90","size":4585,"data":"","first_seen":"2025-11-23T07:21:30.216457Z","last_seen":"2025-11-23T07:21:30.216457Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/tag/official1auraa/","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{
"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"56903d536c691ff8d0638e9beb72f30d","sha1":"9d937bdb5669446c82fbca955224eea68333bbac","sha256":"f377f8d8b2a435e6064b304befb50ca8310004d3120cdcbbf82050579871814c","sha512":"f37c8727464978e0ba6dd4589728bd87c7eb45a64ec927e57b97121f366c601080a00ed908d9b64225aad93e7b6cfc149b79c8aed8f9c01cb5ebf6834985f79d","ssdeep":"","tlshash":"7d61989a3775348b32b604d16a2f4e07eb7258261a88d034cab9a7541cb1463d37ae4a","size":3411,"data":"","first_seen":"2025-11-23T07:21:30.21793Z","last_seen":"2025-11-23T07:21:30.21793Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9ffeb32e2d9efbf8f70caabded242267","sha1":"3ad0c10e501ac2a9bfa18f9cd7e700219b378738","sha256":"5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89","sha512":"8d6be545508a1c38278b8ad780c3758ae48a25e4e12eee443375aa56031d9b356f8c90f22d4f251140fa3f65603af40523165e33cae2e2d62fc78ec106e3d731","ssdeep":"192:5rprDN+sag6ifKIUpQI99P1tLm9kdgyq1+J3aCJQ+h4MPLORq:5rprxaefKI0LP19m4q1WW+h4Mjp","tlshash":"9952c8adb56679724eb721b8f03bd24f71b205de560d8940d19cc4f6282dc6e812bf78","size":13577,"data":"","first_seen":"2023-05-09T19:21:05Z","last_seen":"2026-06-10T02:14:35.582123Z","times_seen":827751,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/tag/official1auraa/","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline"
:true,"md5":"3d1e560afd6cbafc845bdd2d48b08916","sha1":"081d33cdc29f7b8df413ae1ea0d6896c5ae53bd0","sha256":"e7f4c53d128f5b17b726df89de5048f33811921b4dbd73a1c1523add0389dfb4","sha512":"31df25723ed2dc1636282587780e26efcf6f04478d6ece22d2471f1e190c943cf5a98d9e11e3563f5be19daa40b212797ccc965a9296556591739951bec7a8b5","ssdeep":"","tlshash":"4d01683320c10efbc9bab80217553795365333ea9678641148dc150839bfe47e0d48c8","size":725,"data":"","first_seen":"2025-11-23T07:21:30.219435Z","last_seen":"2025-11-23T07:21:30.219435Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/tag/official1auraa/","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"aecb87f59bd42a7a0dc768493e311310","sha1":"463c15cc9d46e77b9f0140caf1591df9a67d4cf5","sha256":"63f6a832b8e0c06d2ee9616a223840726d52dc9350c1d79771be8c0665321a6a","sha512":"3d3800dd2376b355e06172d69f98cbdab4eb34f65f2e85feac3a979831c64bc4a3792ffa12b705ffa2cba8f7136d4dbe6e8d28edce769f0fc42b57215efb50c1","ssdeep":"","tlshash":"f1f020aa3c894434c3bb22692bb391443039252f340ead11f54d18623f9096148ab96c","size":572,"data":"","first_seen":"2025-11-23T07:21:30.220625Z","last_seen":"2026-01-21T06:24:16.183013Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/8d/e9/ae/8de9ae4b0e4b914d604a7e4b56139ffe.js","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"26ce7791f08fb671816e8ac15c21abcc","sha1":"cd121446322214f9ee849fadd1686452f9acf3a9","sha256":"e039e804b7483aec11801d7a306db1603f9c6d5f562340f9a5dbeda753c0224d","sha512":"01af678dd36e5bcfaf95c43fee3d7ac605299c1aca9187b5b330dffac03c16910e373e8ccb57e00c66810daff06b475d561370c05abe8a3beb00f5f9f950c409","ssdeep":"96:PKheeIZELV3rtYwDxXvH9VLgjY6oB/rCKTQ3l35AcOrzYdOtkiz9u5Z4tTpfn7:Pbj6VbjxXvw8zTCKTvlSQpfn7","tlshash":"b9d185883e81f0d513a3b5779a3f6549b3ad6814549fd804e107a0d03e2ce2ae97b6a5","size":6461,"data":"","first_seen":"2025-10-22T08:34:06.793976Z","last_seen":"2025-12-01T10:40:04.095127Z","times_seen":3160,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"a583395748976a462b60516f09cb8d88","sha1":"8b093843a877d236756dd17064b817c78eb5d815","sha256":"2cd81fc73007d8e8fe37f91bfcf3731fd7a599a60e5288faf1466f5df53d56f0","sha512":"a35035e93d993d3414d819684e66481f7bb7fb12ec3b44f585a1f906841372aca5b0e64a2745b19d341822c525fa89a3c06df71de803029bd8ba78fc83c6b649","ssdeep":"","tlshash":"4f31e7bd90f8322c8fd1896b0623aa45ae6b074ee459c7011c62c8c013959cc982b4fa","size":1546,"data":"","first_seen":"2025-11-23T07:21:30.221956Z","last_seen":"2025-11-23T07:21:30.221956Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/themes/retrotube/assets/js/navigation.js?ver=1.0.0","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"eca10535dd65f4979e3b3ad3ec8e02c2","sha1":"54c38c3bf24825e407741ef0e316f678a5b580db","sha256":"802bc6725fd37d15aa9d599fa
3f921fca0d4c585162c7b23da8ccd6f3ded751d","sha512":"680521331d53bb6b47390979cbb907f78607dc713d99405ea8664d401b8e9e3106bca7111c1142d8abb4a5d71a7957998ada61407432f084648bba32ed8e1d27","ssdeep":"96:wqduIPMiXjA1L1AWeyQqECAvBvRgY31rr/qBvHsMTFsPFxLdY0fdKI:wktP/W1Henqxy1R31/iRHsIFiFPBkI","tlshash":"7c91318aff88217b71b7326a697f61ed373844339a085c22f874d1a03d9446406bafdd","size":4500,"data":"","first_seen":"2023-03-07T01:26:46Z","last_seen":"2026-06-09T23:41:36.651054Z","times_seen":3898,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.highperformanceformat.com/547d8fd3bf5eca459123df29d60ae120/invoke.js","fqdn":"www.highperformanceformat.com","domain":"highperformanceformat.com","tld":"com"},"ip":{"addr":"172.240.127.242","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"9364cde750df29e39ae425d5a5ca94f3","sha1":"1d3ce32e09cd5c93f8e51f64479c70076f114716","sha256":"1e0be1165f3c18f37ad40f922e4b9aefb5099fc3596095db7405fcbbfaed1c86","sha512":"1790f371874dd3dce499cd33179a6f78632be864d5517fd167609b7ca5195f32315cb418e493387e0420786cdb854fb1e2aaf06cafe0dad699a373d7f0cf0d37","ssdeep":"768:+t9VtXvZi5DpYscQ7V1UQeUMa1Y/D56JCZ/Xst:c9VtXvZYD6s/7V1Pela1Y/oJCZPst","tlshash":"d623e88a3f91f09d83da317722af500bf85e4c966188d444e543b4b4effa36ae536a14","size":46550,"data":"","first_seen":"2025-11-23T07:21:30.135877Z","last_seen":"2025-11-23T07:21:30.135877Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/tag/official1auraa/","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d5e2aa7e6adc5eb1b3d4c9272cac76d2","sha1":"2789af9d9ebb86a47df12d029499d724e806858f","sha256":"69bf63194079488e5dd74c13089a410646dd3b596ad76d4de2
a5ce788b82a6bf","sha512":"c2f5ffdbf01a82624e204b3f11eac1de595ac1e623b011fe42ba5ae98c03c4d9e0cf844f425117c1c93a0d8d2cb90c77929e5c0611afc47de2cd2bbbf1a01849","ssdeep":"","tlshash":"1db00276b5154d758a5e554d727dd3d43c7804c0f7433901d07c74491070dc65c01e48","size":102,"data":"","first_seen":"2023-03-26T14:04:24Z","last_seen":"2026-06-09T12:04:41.343484Z","times_seen":16517,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/97/fc/e4/97fce4537c0f81f954d679ccebe0c47c.js","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"26ce7791f08fb671816e8ac15c21abcc","sha1":"cd121446322214f9ee849fadd1686452f9acf3a9","sha256":"e039e804b7483aec11801d7a306db1603f9c6d5f562340f9a5dbeda753c0224d","sha512":"01af678dd36e5bcfaf95c43fee3d7ac605299c1aca9187b5b330dffac03c16910e373e8ccb57e00c66810daff06b475d561370c05abe8a3beb00f5f9f950c409","ssdeep":"96:PKheeIZELV3rtYwDxXvH9VLgjY6oB/rCKTQ3l35AcOrzYdOtkiz9u5Z4tTpfn7:Pbj6VbjxXvw8zTCKTvlSQpfn7","tlshash":"b9d185883e81f0d513a3b5779a3f6549b3ad6814549fd804e107a0d03e2ce2ae97b6a5","size":6461,"data":"","first_seen":"2025-10-22T08:34:06.793976Z","last_seen":"2025-12-01T10:40:04.095127Z","times_seen":3160,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=GT-W6JKBDF6","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.136","port":443,"asn":15169,"as":"GOOGLE","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"533a64689bfef45f9c74b7d62592a848","sha1":"eb839334c8cf26abac7aa98f24c13c4d4ea17490","sha256":"fa37e0e0cdc440a0155eb96657bd9e91b4c274ed3656344feb428813f1e0bd26","sha512":"c8c6540dd8ee639b585c43aab8351d1674b1d69ca4359ac5960c47d1932b6b979539703796b2c783e19ffe66126912630c3c43b57a218507493aaf5d880c40d1","ssdeep":"6144:NJyYBUKitJeUI2XVUULUVWo6O7GQEO7QZ2ElVFBoOr+Lu:DyMDi2UnVUUtO7QZ/","tlshash":"8c941ace73d674265396f078502f018ba57b28a2b44cc896f1c9cde12e74a9a4277f7c","size":430868,"data":"","first_seen":"2025-11-23T07:21:30.129202Z","last_seen":"2025-11-23T07:21:30.129202Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6326c600df01e3bfb9b40e1aa08176f8","sha1":"6b4fb754d29b297b539bf62ba9b4eaf0f33f314a","sha256":"df34524351c5fabc921a89183b5da5667aebd7b9e9a1c52255c76ff722935ea3","sha512":"641aaeecb9b89bcc319cabfef18f76faa9b1ba79f9de30c6d07f22d385fc78ac3f11a718fe9ec96f8a13d82e3dff4ca34944ccb449a4ef8e378ad65dfad581c0","ssdeep":"1536:oP10iSi65U/dXXeyhzeBuG+HYE0mdDuJO1z6Oy4sh3J1x72BjmN7TwpDKba98Hri:f+41hJiz6fhdlTqya98Hri","tlshash":"eb83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","size":84384,"data":"","first_seen":"2023-03-07T01:10:11Z","last_seen":"2026-06-09T23:55:24.602041Z","times_seen":12081,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/tag/official1auraa/","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement
","is_inline":true,"md5":"48fedbf2a2fa4a61e16d55d610b7e47a","sha1":"f7d6809ae88f219d6154de6524d021d4fd74619e","sha256":"0dffd741f1007ef55efe25c760080c6ce8cc9558571c730e87faa6264e8237c0","sha512":"01d6f040c61cd4abec5ec70e574a4ca2e54e40f6263826af2c509b4d3d50a672d4243e31535cef0b9e91799b6f86e8ab751eee5a2642c347567c05973082d381","ssdeep":"","tlshash":"aac02bf8c004f31c9262c801082cc250a310ce213839d03321d00434414090bc857fbc","size":139,"data":"","first_seen":"2025-11-23T07:21:30.224016Z","last_seen":"2026-01-21T06:24:16.187234Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/97/fc/e4/97fce4537c0f81f954d679ccebe0c47c.js","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"26ce7791f08fb671816e8ac15c21abcc","sha1":"cd121446322214f9ee849fadd1686452f9acf3a9","sha256":"e039e804b7483aec11801d7a306db1603f9c6d5f562340f9a5dbeda753c0224d","sha512":"01af678dd36e5bcfaf95c43fee3d7ac605299c1aca9187b5b330dffac03c16910e373e8ccb57e00c66810daff06b475d561370c05abe8a3beb00f5f9f950c409","ssdeep":"96:PKheeIZELV3rtYwDxXvH9VLgjY6oB/rCKTQ3l35AcOrzYdOtkiz9u5Z4tTpfn7:Pbj6VbjxXvw8zTCKTvlSQpfn7","tlshash":"b9d185883e81f0d513a3b5779a3f6549b3ad6814549fd804e107a0d03e2ce2ae97b6a5","size":6461,"data":"","first_seen":"2025-10-22T08:34:06.793976Z","last_seen":"2025-12-01T10:40:04.095127Z","times_seen":3160,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The 
Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85379,"data":"","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-06-10T02:25:10.749544Z","times_seen":18512,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"946bae3817182684716d92e9577846ac","sha1":"db2e99a1dd2e98ff02f8264593e99a5c589530c5","sha256":"2fbc21b3d451da27931a15fc3d766e518b3ca640411dcf756fd4317ae12a170f","sha512":"7993292e938f627bb10afec199602f9a40f5223b5bc563a92ff3515d88f0f6540cb5115f4ef14a114cee865da8df8923a75736ed96644bb770711c78dd2a9611","ssdeep":"","tlshash":"fa31f9f5c25b36dc57d5f4ed0320403ddf8380fd421a19884a4582a9e342d19fa6d499","size":1530,"data":"","first_seen":"2025-11-23T07:21:30.225168Z","last_seen":"2025-11-23T07:21:30.225168Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"9f88a858d33946e65fe060c6a3f29c3c","sha1":"d04cb21dcc4ae2db63d3f8985d78743f9069645b","sha256":"55a33cb009b6522ae616386d551fb1415117d1cc9d71a1ebbf2905ba87e968e9","sha512":"41bd5599f69c32fc843f3bbe10ce5307b15c05321a70bc5c5866204938e556c862987c5eda209bbdd5b35823a73caaf296
192ddcf436abcdf2c36192eeec1244","ssdeep":"","tlshash":"27310be650be38b00c7ae13a14aeb76598e4c1160a99a14ed4208f4202bb3e506fad6d","size":1810,"data":"","first_seen":"2025-11-23T07:21:30.226377Z","last_seen":"2025-11-23T07:21:30.226377Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"27922e97c9950ef433cdf8c6127b7bf0","sha1":"4b94a911fbf23b04a5687044439bc2c9199b805b","sha256":"a687317f729d506ecc94499121bc293ea1f06e64c30c3c548f732db4b9d79599","sha512":"ba3a9ae6f208538f20e52dba9e163b09fe3683516effb711abebd74bfee3d0a6ebf7b8bfb2df87ea53d2f41ddf9c5e9fe6e34c3509b54869d4c1c6b82b06f111","ssdeep":"","tlshash":"9cc08c84aa022d30736a3c4fa38ea3a088e34323bda0380358a44080b0c60234683000","size":145,"data":"","first_seen":"2025-11-23T07:21:30.227718Z","last_seen":"2026-01-21T06:24:16.180402Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"d5e0dee7a0a6e6efc874d56003f2219d","sha1":"67ad76d724818400e6fefd232fcf1567af49c62b","sha256":"6f194d6705c4d150233097eeae066b8e1ee730d554734c14bd4a56035dd8cbfa","sha512":"4b79b662b9ed5b147563e97e2b9ccc70cc078f3f51cec5019e068228519cddb7c9d06bcc6890d59178ad28f59935fd84c035fa9269c7e173a92d2a3287f22949","ssdeep":"","tlshash":"f531e9377469773789abf153122ff2b95acf42970f44d592581857832420aa9077ec48","size":1798,"data":"","first_seen":"2025-11-23T07:21:30.228968Z","last_seen":"2025-11-23T07:21:30.228968Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/tag/official1auraa/","fqdn":"kedaibokep.com","domain":"kedaibokep.com","
tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"0e5cd2dd23b6aa0ce7fc86eccf526612","sha1":"7275ef7704b19d39af53f05c1465038fd0b3280f","sha256":"6d8b3451933fb68dd96ea5a5dcc9b02be8aca84713d92f4c7b25ff26aa7a0fab","sha512":"2812d46e02998db74288200179a7a12fce1cde7f62dead8f61e51f270104027197e1125e54e896affe7bd71c785f3ee5daf8dd616b88e9c47da9644878b16c3a","ssdeep":"","tlshash":"2dc02be0c040fb6841a3cc001aacc000c321cd313d9c102729f00c26418048185c336c","size":139,"data":"","first_seen":"2025-11-23T07:21:30.230186Z","last_seen":"2026-01-21T06:24:16.190559Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pl27982089.effectivegatecpm.com/89/d6/f1/89d6f1c80b1e0bbfc99e7ec523be338e.js","fqdn":"pl27982089.effectivegatecpm.com","domain":"effectivegatecpm.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"9dab838086d6424ba6650c38bcb951ff","sha1":"9695d15aa4eb8db8605d8b35d3ba48e10ef5974b","sha256":"17d529aeb367cf2039aed74d498cf25a2a12861f9aae4d0055c3283132164583","sha512":"d2da7d5ed6981fe22a48937a9d756a29a30b701425608a1284b26cb892cd8e5284d9cb0733df28b1813191647d77816248136b8bb38675e45da41677b529644a","ssdeep":"1536:T6tuuYKb5yrHvXp2mbVKBw591hyGoitf68hK3vZEvF:TmnYKb5QEmbV11hyG5tinZE9","tlshash":"2183e6883f51b09903d76077222feb8bf12edc10109ee444d623e5d97b6834ae5bbe65","size":81581,"data":"","first_seen":"2025-11-23T07:21:30.096787Z","last_seen":"2025-11-23T07:21:30.096787Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/tag/official1auraa/","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"c19e1120e32c36e7de00f03c63bd65a0","sha1":"50356399aca1f68db23dda814a93089ad57aa4eb","sha256":"f623d06e500d1c17e8ce3083b287b3a88137b30fd9dc05b1f6e2a879152817b3","sha512":"501920a21a589317aee4a22030263f00d8b0562c2050689be9e0e3a13c9e1563394d93339b569cf8ad66d5a5c73229286c97ef2622f96878cd5ef015a4e8a421","ssdeep":"","tlshash":"e0c02bd4c084f2985092cc001cacc141c300dc10aa28801b31d00b39428064a458176c","size":140,"data":"","first_seen":"2025-11-23T07:21:30.231353Z","last_seen":"2026-01-21T06:24:16.192988Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The 
Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85379,"data":"","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-06-10T02:25:10.749544Z","times_seen":18512,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"25593c9e59b9ca4fafbe07f5d1f056d3","sha1":"c917771c37a3dc8ad8ef1b0428fb526169bc27fb","sha256":"1b383a48c4624fee7ace4b20d1b85f2ae940a8f1e59716459295b523b8a1b205","sha512":"251fa9164ad383003846aa3b2326259b4c253ddfddfcab20e0477e67e9cadb1af1195a2734f42fee489a7114d7792f8acadf414b835b253a1cd93acfa8debc62","ssdeep":"","tlshash":"51c08c44abc60021f941380e270213c18cc1a626ea316808309883a8608a0270910050","size":145,"data":"","first_seen":"2025-11-23T07:21:30.232568Z","last_seen":"2026-01-21T06:24:16.195488Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"25593c9e59b9ca4fafbe07f5d1f056d3","sha1":"c917771c37a3dc8ad8ef1b0428fb526169bc27fb","sha256":"1b383a48c4624fee7ace4b20d1b85f2ae940a8f1e59716459295b523b8a1b205","sha512":"251fa9164ad383003846aa3b2326259b4c253ddfddfcab20e0477e67e9cadb1af1195a2734f42fee4
89a7114d7792f8acadf414b835b253a1cd93acfa8debc62","ssdeep":"","tlshash":"51c08c44abc60021f941380e270213c18cc1a626ea316808309883a8608a0270910050","size":145,"data":"","first_seen":"2025-11-23T07:21:30.232568Z","last_seen":"2026-01-21T06:24:16.195488Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"5e0dcbecb49f767c9d701335f0694043","sha1":"d737cceb0c73971026dbb834a5657d4068cd867c","sha256":"5ec733a5dcd16261b2cd5f1c9166cbbabbba7456bf05a026414f0978e474fb1f","sha512":"4053b7c13edfa2de4da50f7c1c087079fa24be1013e9f754a6f10f0435a562ac8213224763dbc67975d764319731714c8e7c67762b55984201f2aa9b6edc4528","ssdeep":"","tlshash":"0831eab0149e758759d498810b27a9417ff33026a8c69417693cd411a1c1d27d28f570","size":1530,"data":"","first_seen":"2025-11-23T07:21:30.233654Z","last_seen":"2025-11-23T07:21:30.233654Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/97/fc/e4/97fce4537c0f81f954d679ccebe0c47c.js","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"26ce7791f08fb671816e8ac15c21abcc","sha1":"cd121446322214f9ee849fadd1686452f9acf3a9","sha256":"e039e804b7483aec11801d7a306db1603f9c6d5f562340f9a5dbeda753c0224d","sha512":"01af678dd36e5bcfaf95c43fee3d7ac605299c1aca9187b5b330dffac03c16910e373e8ccb57e00c66810daff06b475d561370c05abe8a3beb00f5f9f950c409","ssdeep":"96:PKheeIZELV3rtYwDxXvH9VLgjY6oB/rCKTQ3l35AcOrzYdOtkiz9u5Z4tTpfn7:Pbj6VbjxXvw8zTCKTvlSQpfn7","tlshash":"b9d185883e81f0d513a3b5779a3f6549b3ad6814549fd804e107a0d03e2ce2ae97b6a5","size":6461,"data":"","first_seen":"2025-10-22T08:34:06.793976Z","last_seen":"2025-12-01T10:40:04.095127Z","times_seen":3160,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.highperformanceformat.com/9bc8b6a0f162da8d7a0d1e3abeaaf9d3/invoke.js","fqdn":"www.highperformanceformat.com","domain":"highperformanceformat.com","tld":"com"},"ip":{"addr":"172.240.127.242","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6a551666508e3a458709d9dd42d7d132","sha1":"f52547bc09c5e716cfae1336918298f84fa40da7","sha256":"d98b6e36ea434011b53cc6f7ae61d84c6d6269685ff014459603fe878dbc0862","sha512":"31c4360e503ad2e0370085cbae56ea479c2b8eb8daeb176a35b940e8dfc57d51536e4dc758a4037cb5e8645be31f4638d2f5e7d86464f095a1e7125878ad48ca","ssdeep":"768:+t9VtXvZi5DpYscQ7V1UQeUMa1Y/D56JCZ/l1t:c9VtXvZYD6s/7V1Pela1Y/oJCZt1t","tlshash":"f523e88a3f91f05d83da317732af900bf85e4c966188d044e543b4b4effa36ae536a14","size":46502,"data":"","first_seen":"2025-11-23T07:21:30.098979Z","last_seen":"2025-11-23T07:21:30.098979Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/themes/retrotube/assets/js/jquery.touchSwipe.min.js?ver=1.6.18","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4cd5ea35543390c5fc4e9def651ab721","sha1":"d360aa74dff157fcefda69336ecf420f04940f98","sha256":"9167cb37ed21405ef9556646b83789a2099c15398f5cea867470df1e81752e17","sha512":"d666a51729862abb8d23b0cca5d5ade738c08df2a23fbabb55be95f2a1fbef60255bda850cb36457e70bb2706067f9cee620169c9166f5e9f29a48af470d4fab","ssdeep":"384:lrKvSC3FheMYNzktJlro8aVfPxodAuyalYleh++PFoAS4TSPE9MfA+0UUTK7:gqC36LkJcjPxodAl8DiPE9/+0UKK7","tlshash":"da9294c5bb053d53e9ff12f64157170ba2368eed050e10289839efc629314b1a6efb69","size":20430,"data":"","first_seen":"2023-03-07T01:15:16Z","last_seen":"2026-06-10T00:06:15.473029Z","times_seen":5126,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/tag/official1auraa/","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introducti
on_type":"scriptElement","is_inline":true,"md5":"c19e1120e32c36e7de00f03c63bd65a0","sha1":"50356399aca1f68db23dda814a93089ad57aa4eb","sha256":"f623d06e500d1c17e8ce3083b287b3a88137b30fd9dc05b1f6e2a879152817b3","sha512":"501920a21a589317aee4a22030263f00d8b0562c2050689be9e0e3a13c9e1563394d93339b569cf8ad66d5a5c73229286c97ef2622f96878cd5ef015a4e8a421","ssdeep":"","tlshash":"e0c02bd4c084f2985092cc001cacc141c300dc10aa28801b31d00b39428064a458176c","size":140,"data":"","first_seen":"2025-11-23T07:21:30.231353Z","last_seen":"2026-01-21T06:24:16.192988Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"7d86f52bcdad291d29248425387972ed","sha1":"b3dcf72964dcc0bd88f457b2029d020c118b932a","sha256":"c1f503dfa09703eb0a75983f49990cfa6acbcf9538ad46ed789d6ef4d16157b5","sha512":"3489829ffcb0026db0389b1f28fb946f78a10a695b2151aa09ca7569fbb2ce2d971e4aa61d8bca157ab94221855566b2729e6e74e9fb373d0c46734691b635a7","ssdeep":"","tlshash":"433109a9733c30e8a8bf63fb011bfb542ce2e2171c798ec684915b4122752b9d13ec81","size":1814,"data":"","first_seen":"2025-11-23T07:21:30.234745Z","last_seen":"2025-11-23T07:21:30.234745Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"a35524da1f8c0dbc27e536fabb7cdca3","sha1":"cc55fb034daf273e582a72e5d714fe63e6dba725","sha256":"5ca5f2cab465ad7c09dcb7067a7cdf383c2a671e72eabe7e32c1fa5ef54dd510","sha512":"b0c4bb2d329021adaedecb7c4720e858da61aca5cab6b0cd1fb11111a87761fdedce871a7fecfa10085066da491dab2ed459a64481cc884c904a09a67f4ed4de","ssdeep":"192:JzJ0LiEWiFiacrcYmen1VuOTlmGFF3bH/fA68IDeIToJ:Jz6LiEWiFiHn1Vue
xjrHnAym","tlshash":"9522410809bac931c15ca02f203e26a2f7240a539d7abfd4bb9941045fdd95fb97823f","size":10330,"data":"","first_seen":"2025-11-23T07:21:30.236095Z","last_seen":"2025-11-23T07:21:30.236095Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"826eb77e86b02ab7724fe3d0141ff87c","sha1":"79cd3587d565afe290076a8d36c31c305a573d18","sha256":"cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf","sha512":"fc79fdb76763025dc39fac045a215ff155ef2f492a0e9640079d6f089fa6218af2b3ab7c6eaf636827dee9294e6939a95ab24554e870c976679c25567ad6374c","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKO:sHNwcv9VBQpLl88SMBQ47GKO","tlshash":"7483f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","size":87553,"data":"","first_seen":"2023-11-03T09:26:43Z","last_seen":"2026-06-10T02:14:35.575817Z","times_seen":898197,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/tag/official1auraa/","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"74403724b79afc123cb41760bfe3c769","sha1":"130c3f0908f74438507e7ec649f83c6808cd3712","sha256":"4b77bc590a7e34519e713be8296b45d55deffccd97ded67c5d661541dc647f6b","sha512":"059a015966edc401a1155eb4ed35922abdb59467b90f30c5fe724a8c1d9149daa2de44911690d1c606762da2269cd413f642948a106a95f6f1c60cab2e7bd0a8","ssdeep":"","tlshash":"7cc02bde9300f36c1092c8530c3cd541c314cc22388d402734c0102502e07046892bad","size":139,"data":"","first_seen":"2025-11-23T07:21
:30.237381Z","last_seen":"2026-01-21T06:24:16.193832Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/10/4f/b1/104fb17107ff84126282d6221732be30.js","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"26ce7791f08fb671816e8ac15c21abcc","sha1":"cd121446322214f9ee849fadd1686452f9acf3a9","sha256":"e039e804b7483aec11801d7a306db1603f9c6d5f562340f9a5dbeda753c0224d","sha512":"01af678dd36e5bcfaf95c43fee3d7ac605299c1aca9187b5b330dffac03c16910e373e8ccb57e00c66810daff06b475d561370c05abe8a3beb00f5f9f950c409","ssdeep":"96:PKheeIZELV3rtYwDxXvH9VLgjY6oB/rCKTQ3l35AcOrzYdOtkiz9u5Z4tTpfn7:Pbj6VbjxXvw8zTCKTvlSQpfn7","tlshash":"b9d185883e81f0d513a3b5779a3f6549b3ad6814549fd804e107a0d03e2ce2ae97b6a5","size":6461,"data":"","first_seen":"2025-10-22T08:34:06.793976Z","last_seen":"2025-12-01T10:40:04.095127Z","times_seen":3160,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"38f9750f5ad7e6181988bb93ae1c8eb7","sha1":"80e855b49ea41f39f930b3821ab628ed6b46638d","sha256":"2ee66450d5f411ccafa8b298cfe78164bafc4604dae1d232b08c100265bcc555","sha512":"b05f4c6a01f0c408ede7e73df684eb498fca0a4b6cb9c734596072ae02cafae7be3aa4a69782f223a6593e4213adc9fe58ff213c66b572c7f5101aa7d83a7266","ssdeep":"","tlshash":"6ec02be49f01103bf371740fd7081381eee24b32b83364b652d84090f08b133c001d88","size":145,"data":"","first_seen":"2025-11-23T07:21:30.238589Z","last_seen":"2026-01-21T06:24:16.176083Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/tag
/official1auraa/","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"11d877d6dcff28cf1169544918c399e0","sha1":"fb3a0d9e4ae4287f700911fd0da9e6dd5cceddf8","sha256":"dd314c1bc4282959b56c22c5d28acd87d45fe9b200cd900ef7c91a3d709b7b3e","sha512":"bf7edf36a4a752c5361602b2ffb7d375a5d9da207cd296cd37bac14df6cf68319fbf80e78410169c90768352d5641ef982624216755d6f5b4277b18f78bd710c","ssdeep":"","tlshash":"39e0ab2998e706388cf63a441039ca7934f838a0aaa3d01b525cc82cce39fc50c04aed","size":424,"data":"","first_seen":"2025-11-23T07:21:30.239727Z","last_seen":"2026-01-21T06:24:16.194656Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.highperformanceformat.com/9bc8b6a0f162da8d7a0d1e3abeaaf9d3/invoke.js","fqdn":"www.highperformanceformat.com","domain":"highperformanceformat.com","tld":"com"},"ip":{"addr":"172.240.127.242","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"1392621521fb2dc892b3072a044dc9d5","sha1":"428236908ea7f8f357cd86df8311f6780be71a8b","sha256":"8d1563107a2951d97c239bf59aea0743e153d488c6cda725575395022b580d04","sha512":"284b20096adcaad45297b20ce02cd16ea66a6cf906faf84e533f825731a9f8cca0bd22521d97135f252a3e75cbaf90c817973520bcc5b0bbf0bac844f78616f6","ssdeep":"768:+t9VtXvZi5DpYscQ7V1UQeUMa1Y/D56JCZ/h1t:c9VtXvZYD6s/7V1Pela1Y/oJCZJ1t","tlshash":"a323e78a3f91f05d83da317732af900bf85e4c96618cd444e543b4b4efba36ae536a14","size":46520,"data":"","first_seen":"2025-11-23T07:21:30.158616Z","last_seen":"2025-11-23T07:21:30.158616Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/themes/retrotube/assets/js/skip-link-focus-fix.js?ver=1.0.0","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"75abd4cd8807b312f9f7faeb77ee774b","sha1":"e7b7a7ed06d0123ab8667a1d1eeb23de9f2bece7","sha256":"ca424c0181141900220a19f998ffa7660380bc99ab99557ad458a083251f7034","sha512":"c9f1f752994f1361555680ca5a60339fda152587ccc055db20148c086d82846887dd0801187aa033829b7d5eb9644b9391f493965eee35b4a1592f82cbb36aa4","ssdeep":"","tlshash":"bb01cbb6b30d44b604aa32178d5f61cd297d91e3a829649b8cc909502924c6d23befb8","size":683,"data":"","first_seen":"2023-03-07T01:03:28Z","last_seen":"2026-06-10T01:50:19.74765Z","times_seen":12109,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/97/fc/e4/97fce4537c0f81f954d679ccebe0c47c.js","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"26ce7791f08fb671816e8ac15c21abcc","sha1":"cd121446322214f9ee849fadd1686452f9acf3a9","sha256":"e039e804b7483aec11801d7a306db1603f9c6d5f562340f9a5dbeda753c0224d","sha512":"01af678dd36e5bcfaf95c43fee3d7ac605299c1aca9187b5b330dffac03c16910e373e8ccb57e00c66810daff06b475d561370c05abe8a3beb00f5f9f950c409","ssdeep":"96:PKheeIZELV3rtYwDxXvH9VLgjY6oB/rCKTQ3l35AcOrzYdOtkiz9u5Z4tTpfn7:Pbj6VbjxXvw8zTCKTvlSQpfn7","tlshash":"b9d185883e81f0d513a3b5779a3f6549b3ad6814549fd804e107a0d03e2ce2ae97b6a5","size":6461,"data":"","first_seen":"2025-10-22T08:34:06.793976Z","last_seen":"2025-12-01T10:40:04.095127Z","times_seen":3160,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/97/fc/e4/97fce4537c0f81f954d679ccebe0c47c.js","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"26ce7791f08fb671816e8ac15c21abcc","sha1":"cd121446322214f9ee849fadd1686452f9acf3a9","sha256":"e039e804b7483aec11801d7a306db1603f9c6d5f562340f9a5dbeda753c0224d","sha512":"01af678dd36e5bcfaf95c43fee3d7ac605299c1aca9187b5b330dffac03c16910e373e8ccb57e00c66810daff06b475d561370c05abe8a3beb00f5f9f950c409","ssdeep":"96:PKheeIZELV3rtYwDxXvH9VLgjY6oB/rCKTQ3l35AcOrzYdOtkiz9u5Z4tTpfn7:Pbj6VbjxXvw8zTCKTvlSQpfn7","tlshash":"b9d185883e81f0d513a3b5779a3f6549b3ad6814549fd804e107a0d03e2ce2ae97b6a5","size":6461,"data":"","first_seen":"2025-10-22T08:34:06.793976Z","last_seen":"2025-12-01T10:40:04.095127Z","times_seen":3160,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"470a9f5fbe9e3c9d77bcde395d5e0505","sha1":"e43da39701a136014abb08ec3fb13b2c6780fd24","sha256":"f9a6090a6d21d4195803b9ca4e19323796defa83066d5dd6dcbe2265a256f9be","sha512":"1aed914645dd6c0a6b408cbb6daf501b59d13590a71f0ecfab47aa03dfb12b7a5b5d24af9c57eb983457af64bc22a764971737ec0df61a4887e22574d4c1f391","ssdeep":"96:Dl0ozvsJlawhh/qmv4RI5ydp+xSqL4efk/lhh/qmv4RI5ydp+xSqL4e91jDurtCi:DlNzIl1nv55yd8Zfk7nv55yd8ZHvurtv","tlshash":"2d912aa92bac90fc746751bf0237ea083ca2911b6c39cd45b5dcd6016b617b0c97eed0","size":4621,"data":"","first_seen":"2025-11-23T07:21:30.241058Z","last_seen":"2025-11-23T07:21:30.241058Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"81c2ea6b023014aa6b0cb648100d0c25","sha1":"39359498c05b34ecea8725b3e7b573af7f55a3ef","sha256":"34b67c0651395d5ba1ef945de985e457a96a2d43a305a
6e29324a360d0811d83","sha512":"5a0229d8517296f6646a8757ba7aebeef4a096a03a573359a90ed2d2f8f672068811fd800a4da898e1283511d18814f284cfcc90a078fcdefc2b73f92cf261eb","ssdeep":"","tlshash":"cf3107e8232c60ecb43a06ea0923ed082de2a12ba87a8d4481a15501a3a6331d52e1b0","size":1550,"data":"","first_seen":"2025-11-23T07:21:30.242388Z","last_seen":"2025-11-23T07:21:30.242388Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"7e061dc6517d2181648ed9318bcdcdce","sha1":"220078ed8bf17c27b7da6199a094ece950e0a1a9","sha256":"9b9c2d077f22d9574aa5df5fde207735e9074651ffb2db326454912fe477ed6e","sha512":"42b1e199b4ba09db66da5b00b09a60533bcd473d16087fe9616c17a491f678dd96c47a632863bb036c3c0ab711ce3f53a839a8205387311f34c51ca6fca17b03","ssdeep":"","tlshash":"6ac08c483b0030307da838cf2b0203c689e0421f78b2e42b58084080b0d232a2811c8a","size":145,"data":"","first_seen":"2025-11-23T07:21:30.243574Z","last_seen":"2026-01-21T06:24:16.196195Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/tag/official1auraa/","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"56fd1b0641d6254c9ee90da5d2494e00","sha1":"3faf6e04a148e4c1464ce7c9c3015480b4b5783c","sha256":"880995ab5fd5720e029d9d56d290983a5f301672c57221ab1be75cc1e861f0c1","sha512":"a238a365e97fd6a8922be6b2b283b8c8b1ccd11fb7b7cfd2348ea37192943d521b2892ee88acd8e6250e1ee2fc1c81a767bc59e986b19bc59e1dccbaa08fa46e","ssdeep":"","tlshash":"ade07d604786afe331f1e6d0502c4ea3a9f5b111a8589d6a13ccc8944e92903f7ee81f","size":327,"data":"","first_seen":"2025-11-23T07:21:30.244679Z","last_seen":"2025-
11-23T07:21:30.244679Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.highperformanceformat.com/6b59e6699e45dd3d2d19a55f904013ec/invoke.js","fqdn":"www.highperformanceformat.com","domain":"highperformanceformat.com","tld":"com"},"ip":{"addr":"172.240.127.242","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"08d73b863c0f6b24ffcb99b099be1995","sha1":"999f2e16d29d8ff19ee861d6a8c9741d2788eca6","sha256":"37db87ad62124160158a0f0d65d810b462bfb8043af82fda1aca8031d175ad9a","sha512":"1fc50a8af73be0bbec8574802c944a27389c6fe348f822c61ca96c35a8b9df7d7c2170d5411108db7a40fd17e0cd76f8a62dab0cafca5275d251d951074598fd","ssdeep":"768:+t9VtXvZi5DpYscQ7V1UQeUMa1Y/D56JCZ/Xdt:c9VtXvZYD6s/7V1Pela1Y/oJCZPdt","tlshash":"e723e8ca3f91f09d83da317722af500bf85e4c966188d444e543b4b4effa36ae536a14","size":46550,"data":"","first_seen":"2025-11-23T07:21:30.17311Z","last_seen":"2025-11-23T07:21:30.17311Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-includes/js/wp-emoji-release.min.js?ver=6.8.3","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c4b50535f3e989a77d537d5486342d47","sha1":"2a1cc988298c022def9376bd54f608f44154071a","sha256":"db8ee8be2b2456c191fc0739f34f6ac675af8ba4782380cf233024498e0eb968","sha512":"be3b974332c4dadc30025aa911fde008442c9f4966ade014a7b8f05926688e30b9fdc32ebdbdd53fe32fc3f4d9c6ac2310b98dc6602843f2d8f00b1ded4e9b83","ssdeep":"384:WAevzW+ZTbXUH3o//bEPhXgA5H1efAJmpr:WF6UXUH3o//YpXgAGfACr","tlshash":"d782fa9bb33a4e8f343e3bd7cd968f4dc9da555321c0e078dbeeb68169a00568274c90","size":19251,"data":"","first_seen":"2025-05-09T23:23:48.206606Z","last_seen":"2026-06-10T01:38:17.62832
9Z","times_seen":208188,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"b621094b08f5d8f58df8ab97a5b7c8ac","sha1":"c7dfdc1152bdf8650c16d97351621f6a59c9ca26","sha256":"bb7ef049d85f948630ac79c67a11c6b7e30bdc739b851d8a63fe5609e539dd62","sha512":"0100887960e72846285c63ae22ae6a85435819f864d4bbc25e150a96ca49c8b65085f7c792a38f560277a5ccc07a6d99397b821342d155776dd3da613ea728d9","ssdeep":"96:rtoz3tJINBSjSssSaewKiovhhk/hFBGCB2NPLqIvxrRWw1jDQbTCfMEDaH:uzgpdpek952NjzprRWov2CkCaH","tlshash":"c4914a351cc16638ec06806da66f981abd70720a6d04ce40b85df7a60f519d95e9de88","size":4577,"data":"","first_seen":"2025-11-23T07:21:30.245919Z","last_seen":"2025-11-23T07:21:30.245919Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"a2f2ede2292f49b9bc37ffd9b09e8de9","sha1":"c100715476f26288df83467dc537e77fc3ec5f0e","sha256":"ac7f807ee7bc719c88c7dbaf7626ca63c2702c41970e12df567028266b06598f","sha512":"33d86c36628ab1de5e6ee3795d9504d347b094bffc5f55d309c8d95855e2677e61f001b6890afa6c9f29567dbfad88fb77eec7c16cc805acd73644179abd7613","ssdeep":"","tlshash":"ee31dcf641419d7cdc2d422c91ab5935d7702dae230741a0066e947594e385f9988ff5","size":1540,"data":"","first_seen":"2025-11-23T07:21:30.247113Z","last_seen":"2025-11-23T07:21:30.247113Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/themes/retrotube/assets/js/lazyload.js?ver=1.0.0","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":""
,"country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6dcca58db348f35d6eee39aadb7cd280","sha1":"0a513a0ebed60f4b0b4d69f7aaf519feaadbfaec","sha256":"2683c87843149db588b42abb7ef80b2815438fc44b368e1a855983f93ae431e4","sha512":"ee897cdc326f80eb18c74b3c42fe1b97b3b16c0be8f048a763cb33db134fa47dc2eb07bc1ba6cd8feb91385d791aa89a28816fd49217a57763dc54df1ef3693e","ssdeep":"96:IncwFK9HqOq0tioGJULBx7PYuyrr5VrcAeS1h3osyTaZ+1KZZ/p5k1QDSYRV9uR5:M9YH9qfJ2x7PYf5BcVSPfq+DkGDjP9u/","tlshash":"5fc15308b065b43f65777032523f130bb23a606778884494f6b4eae99ebc81e5923f7d","size":5755,"data":"","first_seen":"2023-03-07T12:12:33Z","last_seen":"2026-06-10T00:06:15.427032Z","times_seen":3941,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/themes/retrotube/assets/js/jquery.bxslider.min.js?ver=4.2.15","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c675495748ef0df6858b93dd9e623c46","sha1":"e1be723e4e25d37282821c50b7e12796d3df5f8d","sha256":"9a32744fa4707d6ea1ad2b696c644c4f45d327509989b4625b8a980e4a45e271","sha512":"1775ad0e5bc7d3cc9ebdd032b94e440a0872f616f983ff867511984daba748ed52e1de5c67f0e4648947bef65b499b3a6197ff7726cf1f481b7d4253b6711127","ssdeep":"384:nudkTa6bYaGQZKbZi1X5U59g+rzyPSS1SMVu8r2WiWQK7XYANWck6QDhC2k+0CMu:uv9gPSSbs8PwhCK0CMl+ArJwz","tlshash":"e6b2b609b13939be05f632baf25ecb0550f6448d9827f0f4a8b5c94ddad88d4102fbe6","size":24252,"data":"","first_seen":"2023-03-07T01:15:16Z","last_seen":"2026-06-10T00:06:15.485092Z","times_seen":4188,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/tag/official1auraa/","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz
"},"introduction_type":"scriptElement","is_inline":true,"md5":"4940159c6c6d5e2844587d9813046655","sha1":"a7d8c37fadd6a02b49dda39591878f3e4ae053d7","sha256":"378a88ef4e0dadd9b044aa0fe1cb976b00d2e156bd7ebe69263f729bcdad8cfc","sha512":"a096f8892cb3a74175e9272fabb72f727ba08ef4e16d4d0df9ce7962051d3d932150d6c010917aadc161c1f2ad410da560834da40521a3bba5f954bb0ea574c1","ssdeep":"","tlshash":"2ac02b7c006123dfa095723aa3d0280142d74b3169100c3ec4ccc081bc23014c0837c7","size":142,"data":"","first_seen":"2025-08-19T15:16:42.75201Z","last_seen":"2026-06-06T06:19:33.11676Z","times_seen":2516,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/24/18/2c/24182cd4e6f42aedf1491fdd2c696f03.js","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"26ce7791f08fb671816e8ac15c21abcc","sha1":"cd121446322214f9ee849fadd1686452f9acf3a9","sha256":"e039e804b7483aec11801d7a306db1603f9c6d5f562340f9a5dbeda753c0224d","sha512":"01af678dd36e5bcfaf95c43fee3d7ac605299c1aca9187b5b330dffac03c16910e373e8ccb57e00c66810daff06b475d561370c05abe8a3beb00f5f9f950c409","ssdeep":"96:PKheeIZELV3rtYwDxXvH9VLgjY6oB/rCKTQ3l35AcOrzYdOtkiz9u5Z4tTpfn7:Pbj6VbjxXvw8zTCKTvlSQpfn7","tlshash":"b9d185883e81f0d513a3b5779a3f6549b3ad6814549fd804e107a0d03e2ce2ae97b6a5","size":6461,"data":"","first_seen":"2025-10-22T08:34:06.793976Z","last_seen":"2025-12-01T10:40:04.095127Z","times_seen":3160,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pl27982090.effectivegatecpm.com/32dafcbf6d6696c536a5accc26dd0ea3/invoke.js","fqdn":"pl27982090.effectivegatecpm.com","domain":"effectivegatecpm.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"9edab53d2a7668b06fef55b11b684a91","sha1":"2657298608a988c83243c4bc02ce6a8c875fbaa9","sha256":"709423e2f87c2d15f44169282745204d00d8d8134e02f195e2daf5435eb108ad","sha512":"326b6985c690462cc5be4364a862f075f059aa0f05ee9a43d3a86cfebc53b1b64fb53997c5c53de792551ea8a2f97e47659ecf9587bffed3694ef8e5cf79ade6","ssdeep":"768:VyrAlvRkAwtHAfRAAnvfvXdhPA1dcudspAU2S6nXgCUhbLIqhJEOlhPb3cE:VyclvRdLZBnnvXD47dsqXznXgCGb3J","tlshash":"7213b6cabf91f27c0387a43a523fd00bf1279d5664c8d558e262e8651bac31bd63db24","size":43353,"data":"","first_seen":"2025-11-23T07:21:30.137469Z","last_seen":"2025-11-23T07:21:30.137469Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/tag/official1auraa/","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"7d72b80690ba108f701c1b1a5e697720","sha1":"befbf4e1dec83cfd6b3a327a909be07a4f8ab490","sha256":"0d8bef99a34b9446ad386668c9742d804417dad6f930213a1dd1cbb8dacbd6e3","sha512":"7cc76f2ee11c4395caa4a50a63bbd1668733e4f8ba3d89189a8014364a7e93873434b7b7b7c7ab37f624d4558e064d913657c064dcc9b35f892a0f05e0991130","ssdeep":"192:q6e4j3qVXlu798fbuEO4C5/hsNs35PhSkzISM8Z:bel29YFts/Swau","tlshash":"62f153497542b57f393b7071d0af220b313970a3a84b4861e9b8f6d87c789792a23d7d","size":8109,"data":"","first_seen":"2025-07-25T05:28:04.240916Z","last_seen":"2026-06-10T02:29:18.699591Z","times_seen":23399,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/themes/retrotube/assets/js/main.js?ver=1.11.0.1763068703","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scri
ptElement","is_inline":false,"md5":"62479648a67b52a1f395970c883fdd50","sha1":"fb9b2468304ef42eecd402a8a935877ca61a9f35","sha256":"5e5bf8c461e32fca94beaf4df1cb8064e06d9702184807936464a163ca82e2e0","sha512":"3393648937cf923b85076b9668d4e49cddfaa4c72d44bcf1fc0dd58dd87720dcf6ebab044d60c8c95b2e47924f3ea361ff273267c7015134d768598580860c9f","ssdeep":"384:pnujdbo6UazbyFx4QsbatrEOFxnIfYatSyDZD9Vk2ly6oUv:puRbo7azbyFx5NtrEYnIwsnD19VkW/oO","tlshash":"2af29489f77d2546867a30da6c6f16cd313d1236a842086fbc2896e428e4b3c7396d3d","size":36394,"data":"","first_seen":"2025-08-28T06:46:38.264936Z","last_seen":"2026-06-09T23:41:36.612635Z","times_seen":1558,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js?ver=3.22.3","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"93b3720e7695d8028cb86f0e618ada73","sha1":"f450880dd098d857d9dfa38430ba2fa7ede6551f","sha256":"d82122f0fe9f7a7190f929e05b2f026e20cc5df64bd294204795afe72f02929a","sha512":"23e340152f6c7c472044a0a2ebff34e5e9392c255187ac50d7e70a2e07399f4ed13f0b8f46fa60a8e6129d068e076271042b650d267c7a84bb63a69c83f88935","ssdeep":"384:1nzmcCFxbUyeggTRuliyLdAkLWNpyvI3e+ZTtztLyFYZ4PW8gVIBnBCpFu95fq32:1nzmcCDbUy2TQliyBWNpyvI3e+ZpoFKM","tlshash":"c0a2e8ae7296f47aa99770b5442f200af23635261899c494e536d4d0ae3cd8e6223f7c","size":22386,"data":"","first_seen":"2025-10-02T08:50:18.110224Z","last_seen":"2026-06-09T00:21:37.842891Z","times_seen":2989,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"f9df541db850fa0b9ec1a48e112d39d8","sha1":"f70e552d7ee9674e
5ed13bb4de913a5ed30aa875","sha256":"28161f4e76dca47aa3a9b2876c58c7ff116883307def2170247d3f549f8d724c","sha512":"200d7ab7e138d559b5aab8dde0432fb5a6efad6356fa74bcdb33140e16f631008c8cfa3e0ec24a2c28c805486a586d548f99b4b6b93dabbb42482bca00ad4e09","ssdeep":"","tlshash":"453129a3b00db0aec17b72f0930fa2245aa2d1635b062f8826944fdc3700f8fc15f8a5","size":1794,"data":"","first_seen":"2025-11-23T07:21:30.249937Z","last_seen":"2025-11-23T07:21:30.249937Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.highperformanceformat.com/50865c8e9f805c36d66a52e62e8e8f47/invoke.js","fqdn":"www.highperformanceformat.com","domain":"highperformanceformat.com","tld":"com"},"ip":{"addr":"172.240.127.242","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"afbdce3014738fa650eeba9539f31fae","sha1":"c91a54c0b5f45db1a8ab6c0cf9c63d3782993844","sha256":"6714baf10c905eeda1232ad6c3e13008611d733b03d638a058c6dc7eb961c2dc","sha512":"031570540d420a19ed4d978d46aca8e37747f2f31a7fc7a729712eb69c1c0e4601d86225fbfd9b9357dab58953e53d16cbff4416d6a6277059972ee34edbc60f","ssdeep":"768:+t9VtXvZi5DpYscQ7V1UQeUMa1Y/D56JCZ/lrt:c9VtXvZYD6s/7V1Pela1Y/oJCZtrt","tlshash":"1b23e78a3f91f05d839a317732af900bf85e4c966188d444e543b4b4eff636ae536a14","size":46502,"data":"","first_seen":"2025-11-23T07:21:30.161378Z","last_seen":"2025-11-23T07:21:30.161378Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"a88ae19e2de2f85797010d7f11ccfd01","sha1":"d31795f39619ea3e18a316788f0fcc8b7132e2e1","sha256":"3ea829b527bd8f38216c981c7587be359573c14123ffdfa2bc4c9ca52d4fa825","sha512":"4883e8e9a8f740a3c29015e7cf667ebf032eddf230fc94388582f17b1fb46dd91129c9ef49
a171d80e4f8367558cf265ee6f930b026e5ff4bac89e0c804dd7ac","ssdeep":"96:r89QvRhoznJIOyX3LP/e/JYk/fIJQ1uFZjozv8u1jDQbTCfMEDaH:I9QvkzRqL3RkGQ1WVoD8Sv2CkCaH","tlshash":"a8a13ba29ecea1bc855b70fd133a80185e53d05b4605af44398ccba86f00f8aa99dc98","size":5006,"data":"","first_seen":"2025-11-23T07:21:30.251129Z","last_seen":"2025-11-23T07:21:30.251129Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"151fee4bca6f114d1041314ef9de11b9","sha1":"908ddb0b9be95d2b72fdedfb3182cc5b898befe4","sha256":"482b691342ff19675d99c5216749eb9ac4f00b559bcaa1b8cc4ebc72ca952202","sha512":"3a0a22bfb72c9d12397a33038e01fc35f5aa6225a5acc02030a580348162a456a09e766f8126eba9c0ed4eb692849cb19400c050928493a26ab9c5c91f8a54db","ssdeep":"96:F9EMW2Ioz0MrD8ViUpxZupN6vfk/j9Vu0eN0KFRlRG6FXyqOH1jDoCfMEDaH:F9Eb2Rz0w8VRYTAfkr9U0B0rDivoCkCM","tlshash":"4ba13aa95ee8743c18a2607f153b76096dd4c10f0a08db06f85dcd810ba57c84c7acfd","size":5037,"data":"","first_seen":"2025-11-23T07:21:30.252457Z","last_seen":"2025-11-23T07:21:30.252457Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pl27982080.effectivegatecpm.com/8e/2c/5d/8e2c5d0a9e14a08bcedae6c1b8957fa4.js","fqdn":"pl27982080.effectivegatecpm.com","domain":"effectivegatecpm.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"fc8837bd93041a651dbefd1fd748584e","sha1":"33cc661e09d8c9b802713b3c8f183b0ace655749","sha256":"8c997e4859e8630ec0a195e1149faa694f587873a0e074a3f0ad21d214751928","sha512":"c0b4603b6bbd15ef7a7068f6d6b9de240ec6cdeb54efe678996512889dcfb8930d0d912c31e5d97982350d8bbd277c734d47a64c68a855eaa560fade94248f57","ssdeep":"1536:qd1IPAcpiczPP6RdHf8741ia98IWRatmD:Scxz36RS/RatE","tlshash":"18a3d8c87f51f47c03d77476223f610af06a9f00659ce598e013ecfa296871be479aa9","size":106568,"data":"","first_seen":"2025-11-23T07:21:30.141235Z","last_seen":"2025-11-23T07:21:30.141235Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RSvY8cxRfsud_pF9gBH0aQjhABRtx6vnZuBwfAYQwWxrbORg4QQU93z7nZ2emhez7WGxksWRYBWiQCIGG29uzDxrIgIMSc9pwgS0jeiAt8BPwFCIkYzXmlgxfUe29qgqrqd21S7hEfJd09964ayTSlx7odx37xosy4qo195oLtOh3nuH1RZmFw3B62oKtXXD_oOEfttwTrq2Oe4zqO67j2SalFoobH9lnI_E7kdiKnE3gdtxtgqP-7m9KCoRZ4tUeehuTzJ_5I3odkM2SD708I0y9U_vKbgzKlhdKo-NZ7WT9TdYbBwZhoC0m2tfgbyswJ-XIJKttaOICqNlsHiOWcLD37CHG2tZCJuLrxWGmcQmSI-WHU1QwinUHSGZi6CskfEoBxnDmLbHDzjNI1vfyYpS07J8t__wVZz8nyo2eQDe6upXJon1dpWUiVGQyTBnI4g9yYIS93UIwsyHoHrPgEkv9KnOcOIxvcfltVsm9XQvch-e4Lnu9wt-skK1EQOSsB9elKLGhvpecmwnMjP_J63n5QMpmBmiWUxkIpLZSJhTK3MOC7duD0AuZSP0wizladgAYBF7ET9TzHoRFbRclaB2MU-RgsHYPpK8j1x99yf1X4MQsmFH35-ZyQaz50uQ1zqYHhFkxBUPEGtSCoDUFNCWpJUBcEddXc4KnxTHOTp6aM3UX3Ft1vpqrYmNAbqtgQGQHVY2jebMr8I3MVrPjfdJQYPlUt0LhopjTmzSTfI0-1YVu38hp9sWv7HqcJi5OQh2EUsq4f0i5ljHkh546gPoxsIM0SqLEwknOyvvoacjknRz_bRkx3YNIdMPkkaOmC1g3opQaj7G5fcCpj1Rd5h6kBuGqQF8soLluTdI8cma5fWNvef_UPfvsZgj0giwLTDXLd4EN5n2AjvT5dVzXZXFe1IT-czQs5kCPaXsT5ghbi_7ffEZdrpfmpE2Z863XWEu1454IwxWmacZltGPLdmuRc6JNKM0F-OmUuivhcaS6tlTor89Pn3jh5apBrYYxU2QxUzsmhPz8Fk3Ny5N43-9fefel3sPwKTH6g0yiCOLeQSoJUHHyncQPzrz0-mCfmOjb0MmhxFdmgQaUbVGkDmo5hykPTItcPXv3lq7a-RpwuT-NUL2_GqU6_2M-p
hXst3G9hBiN37a4X-2GvF4ok5InPfc_nUdcRUUCjMIiCLgozl8__-PCfAAAA__8woEsunwQAAA==","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.521Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET 
/ren.gif?sid=H4sIAAAAAAAC_1RSvY8cxRfsud_pF9gBH0aQjhABRtx6vnZuBwfAYQwWxrbORg4QQU93z7nZ2emhez7WGxksWRYBWiQCIGG29uzDxrIgIMSc9pwgS0jeiAt8BPwFCIkYzXmlgxfUe29qgqrqd21S7hEfJd09964ayTSlx7odx37xosy4qo195oLtOh3nuH1RZmFw3B62oKtXXD_oOEfttwTrq2Oe4zqO67j2SalFoobH9lnI_E7kdiKnE3gdtxtgqP-7m9KCoRZ4tUeehuTzJ_5I3odkM2SD708I0y9U_vKbgzKlhdKo-NZ7WT9TdYbBwZhoC0m2tfgbyswJ-XIJKttaOICqNlsHiOWcLD37CHG2tZCJuLrxWGmcQmSI-WHU1QwinUHSGZi6CskfEoBxnDmLbHDzjNI1vfyYpS07J8t__wVZz8nyo2eQDe6upXJon1dpWUiVGQyTBnI4g9yYIS93UIwsyHoHrPgEkv9KnOcOIxvcfltVsm9XQvch-e4Lnu9wt-skK1EQOSsB9elKLGhvpecmwnMjP_J63n5QMpmBmiWUxkIpLZSJhTK3MOC7duD0AuZSP0wizladgAYBF7ET9TzHoRFbRclaB2MU-RgsHYPpK8j1x99yf1X4MQsmFH35-ZyQaz50uQ1zqYHhFkxBUPEGtSCoDUFNCWpJUBcEddXc4KnxTHOTp6aM3UX3Ft1vpqrYmNAbqtgQGQHVY2jebMr8I3MVrPjfdJQYPlUt0LhopjTmzSTfI0-1YVu38hp9sWv7HqcJi5OQh2EUsq4f0i5ljHkh546gPoxsIM0SqLEwknOyvvoacjknRz_bRkx3YNIdMPkkaOmC1g3opQaj7G5fcCpj1Rd5h6kBuGqQF8soLluTdI8cma5fWNvef_UPfvsZgj0giwLTDXLd4EN5n2AjvT5dVzXZXFe1IT-czQs5kCPaXsT5ghbi_7ffEZdrpfmpE2Z863XWEu1454IwxWmacZltGPLdmuRc6JNKM0F-OmUuivhcaS6tlTor89Pn3jh5apBrYYxU2QxUzsmhPz8Fk3Ny5N43-9fefel3sPwKTH6g0yiCOLeQSoJUHHyncQPzrz0-mCfmOjb0MmhxFdmgQaUbVGkDmo5hykPTItcPXv3lq7a-RpwuT-NUL2_GqU6_2M-phXst3G9hBiN37a4X-2GvF4ok5InPfc_nUdcRUUCjMIiCLgozl8__-PCfAAAA__8woEsunwQAAA== HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: 
image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 554bd3a50fda8808186f06ca29348dac\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse 
proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":340,"timings":{"blocked":240,"dns":0,"connect":0,"send":0,"wait":100,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-includes/css/dist/block-library/style.min.css?ver=6.8.3","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:47.709Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-includes/css/dist/block-library/style.min.css?ver=6.8.3 HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:47 GMT\r\ncontent-type: text/css\r\ncontent-length: 14004\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 30 Nov 2025 07:20:47 GMT\r\netag: \"1c679-6908fa63-14a6fb;br\"\r\nlast-modified: 
Mon, 03 Nov 2025 18:54:27 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=XIh%2FjNlkQY5XTgCzJUfkpRATjvxRr6qaHZnWogpqdJ4I3j%2FKdLz1GjH4%2FS648ihRMIxBf5vXqahL16hsU4KFBHPQpe351desqurgKQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee7f21dd056a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":116345,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (55654)","md5":"a06b3af98203ddc303997e0e0caaff83","sha1":"04c3e7de74a890d18014588c4e1f077a52d79acc","sha256":"838ede31a58a3cdb411d6dd7f13cbe65d4a26193d9fa31882854e63938f12bac","sha512":"4ce1079b8dc07043b0201dc74f5888b50aa530a4e604eecd7673e225946de62c421b290a707014ddaf4366591f8c4767737b5689bc44d57eb0a11aef905cead9","ssdeep":"3072:seeJu1iQg5MG7x+qehvP0x2pck2qkA3Pu:b1iQg5MG7x+qehvP0x2pck2lA2","tlshash":"34b3615417b4dcf935ffa73a5e4ee248a503aa41c68a57ebe066d190618ca490cf3f0f","first_seen":"2025-07-15T17:03:07.843749Z","last_seen":"2026-06-10T02:22:25.44622Z","times_seen":174337,"resource_available":false,"data":null}},"time_used":141,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":140,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/themes/retrotube/assets/stylesheets/font-awesome/css/font-awesome.min.css?ver=4.7.0","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:47.710Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/themes/retrotube/assets/stylesheets/font-awesome/css/font-awesome.min.css?ver=4.7.0 HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:47 GMT\r\ncontent-type: text/css\r\ncontent-length: 6646\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 30 Nov 2025 
07:20:47 GMT\r\netag: \"7918-69164b1f-182a80;br\"\r\nlast-modified: Thu, 13 Nov 2025 21:18:23 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dYj0zxHRqzpLSxApLjyAGWh5UrNm051zsyMA7QG9w8mILtqq%2By9jemGhhAdvY5XHBLwRwGN45THI9cDWsGaXGIeek79uqVfV8Oe8bQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee7f21dd156a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for 
WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":31000,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (30837)","md5":"269550530cc127b6aa5a35925a7de6ce","sha1":"512c7d79033e3028a9be61b540cf1a6870c896f8","sha256":"799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd","sha512":"49f4e24e55fa924faa8ad7debe5ffb2e26d439e25696df6b6f20e7f766b50ea58ec3dbd61b6305a1acacd2c80e6e659accee4140f885b9c9e71008e9001fbf4b","ssdeep":"384:wHu5yWeTUKW+KlkJ5de2UYDyVfwYUas2l8yQ/8dwmaU8G:wwlr+Klk3Yi+fwYUf2l8yQ/e9vf","tlshash":"78d241e8e54c01d66731c48bff81b36862b6fb3dd5854da9f01f290c29d226522c5fba","first_seen":"2023-04-05T03:13:25Z","last_seen":"2026-06-10T02:16:25.112347Z","times_seen":284432,"resource_available":true,"data":null}},"time_used":120,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":119,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/uploads/2025/09/617.jpg","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.637Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/uploads/2025/09/617.jpg HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nCookie: _ga_3E31P8KF13=GS2.1.s1763882448$o1$g0$t1763882448$j60$l0$h0; _ga=GA1.1.1454402186.1763882448; dom3ic8zudi28v8lr6fgphwffqoz0j6c=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:48 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 
30565\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 30 Nov 2025 07:20:48 GMT\r\netag: \"7765-6908fce6-17ada7;;;\"\r\nlast-modified: Mon, 03 Nov 2025 19:05:10 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 0\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PwvMjUFHXUBh8lajuHxC1yDbOVx%2FJbz05H28hzaiCNL93j6D1bnGxOlFIOc87D%2FGZlWaqXNQ9tEKfy2rQwLq9QHxYr90W2Iw0nC5Ow%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee7f7c9f356a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for 
WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":30565,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 640x360, components 3","md5":"39d297aaca667b5422751a803a175fd0","sha1":"9e310347b14a9d2663058b0d258e576b9570a028","sha256":"dec200c3968a50e67086baf21523e81a176144cb6d9ea0341c37585fd9447cfe","sha512":"b7963144cd164c49734f7f47d0d76366aaf5125ff689a78effcf7e812468fcea58b4ef40a2d8c4caa55cd2a052e53726d4be1b7cbabb21a2efebe35838ce7d60","ssdeep":"768:ffigTvwy8gEFaW289c2RZIJl7Brme/HKxkPkB:niG8ghwInEu3kB","tlshash":"eed2d0a4b8bc2f609125c73829436d28d556f6f4edbfc60aa8de4d36681c3c40379bd6","first_seen":"2025-11-23T07:21:30.087972Z","last_seen":"2025-11-23T07:21:30.087972Z","times_seen":1,"resource_available":false,"data":null}},"time_used":48,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":33,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/uploads/2025/11/1312.jpg","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.654Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/1312.jpg HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nCookie: _ga_3E31P8KF13=GS2.1.s1763882448$o1$g0$t1763882448$j60$l0$h0; _ga=GA1.1.1454402186.1763882448; dom3ic8zudi28v8lr6fgphwffqoz0j6c=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:48 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 
38182\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 30 Nov 2025 07:20:48 GMT\r\netag: \"9526-6918131e-a008;;;\"\r\nlast-modified: Sat, 15 Nov 2025 05:43:58 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=4i8tJbICJKm5%2FjqNq%2BMr89217F0ajmiMxAplWXp9fGQlNdiQuKg%2F3swyqn6kSuOe3Tcx2hGtB4kx%2FffxQh99cLn5xNO6aVDkOUiRuA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee7f7ca0d56a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":38182,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 640x360, components 3","md5":"63ca47119d5933728026824f6f0d80ac","sha1":"12722183a3f3002e06e4601aa1f65f0efa9258ea","sha256":"db25bd4ebef02cd076b001971a84622d96a12dfb99ad08f9c68c563f66cf9278","sha512":"e19d62444e8c5589fbec3f390fac41fc06fc4fd705b6af53f0e9c170078ce35026891f248e38abf670f771ca8ef0f5fa65c09c3faf7ceed2a9dda8ad7d78d6e1","ssdeep":"768:abMI5PrawsyLpNs+rBm7LXX4yV8Tz/ZhdCxSz+kOP+dLtP6kL2ofuNEmZ3:absWW1KTz/rI2NtPNf+EmZ3","tlshash":"bc03e044bb3a54951ce3f03e0e9826b0ca06956326550fbfb27c6d074f69742dfbd88a","first_seen":"2025-11-23T07:21:30.091051Z","last_seen":"2025-11-23T07:21:30.091051Z","times_seen":1,"resource_available":false,"data":null}},"time_used":137,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":105,"receive":32,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RSPWwcRRidNRZFUvATBO0KURCEL_t361tSACYEIkISOUEpUIrZmVlnuL2dZWZ_HFeBSFFEgYxEATTsvXNiEqIICjp-rDNCQpFA2QLhIm6Q6BESNVrnJMNXvO_79m3x3pvv6rjcJT5KunPmTbUm05Qe6fcc-9nzMuOqNvapc7br9Jyj9nmZhcFRe7UDXb3g-kHPOWy_JthQHfEc13Fcx7WPSy0StXpkj4XMb0duL3J6gddz-wFW9f93U1ow1AKvdsnjkLx95I_kbUg2RTb66pgww0Llz786KlNaKI2Kb76VDTNVZxjtj4m2kGSbs7-hTEvIJ3NQ2ebMAVS10TlALFsy9-R9xNnmTCbi6voDpXEKkSHmB1FXU4h0CkmnYOoKJL9HAMZx6jSy0Y1TStf00gOWdmxL5v_5G7Juyfz9J5CN7iylctU-q9KykCozWE0ayNUp5MoUebmNYs2CrLfBivch-S_EeeogstGt11Ulh3Yl9BCS7zzj-Q53-06yEAWRsxBQny7Egg4WBm4iPDfyI2_g7QUlkymomUNpLJTSQplYKHMLI75jB84gYC71wyTibNEJaBBwETvRwHMcGrFFlKxzsI4iXwdL18H0ZeT6vS-4vyj8mAVjiqH8qCXkqg9dbsFcbGC4BVMQVLxBLQhqQ1BTgloS1AVBXTXXeWo809zgqSljd9a9WfebiSpWxvS6KlZERkD1OjRvNmT-rrkCVjw0WUsMn6gOaFw0ExrzZpzvkse6sK2beY2h2LF9j9OExUnIwzAKWd8PaZ8yxryQc0dQH0Y2kGYO1FhYky1ZXnwJuWzJ4Q-3ENNtmHQbTD4KWrqgdQN6scFadmcoOJWxGoq8x9QIXDXIi3kUl6xxuksOTZbPLW3tvfqF33-CYHfJrMB0g1w3eEf-SLCSXpssq5psLKvakK9P54UcyTXaXcTZghbi4VtviEu10vzEMbN-82XWEd14-5wwxUmacZmtGPLlkuRc6ONKM0G-O2HOi_hMaS4ulTor85NnXjl-YpRrYYxU2RRUtuTAXx-AyZYc-v7zvWvvP_cnWH4ZJt_XaRRBnFtIJUEq9r_TuIH5zx7vz2NzDSt6HrS4gmzUoNINqrQBTddhygOTItd3X_z5064-Q5zOT-JUz2_EqU4_3supg287-KElF377FUbu2H0v9sPBIBRJyBOf-57Po74jooBGYRAFfRSmlU9_c-_fAAAA__-gEfXenwQAAA==","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.321Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSPWwcRRidNRZFUvATBO0KURCEL_t361tSACYEIkISOUEpUIrZmVlnuL2dZWZ_HFeBSFFEgYxEATTsvXNiEqIICjp-rDNCQpFA2QLhIm6Q6BESNVrnJMNXvO_79m3x3pvv6rjcJT5KunPmTbUm05Qe6fcc-9nzMuOqNvapc7br9Jyj9nmZhcFRe7UDXb3g-kHPOWy_JthQHfEc13Fcx7WPSy0StXpkj4XMb0duL3J6gddz-wFW9f93U1ow1AKvdsnjkLx95I_kbUg2RTb66pgww0Llz786KlNaKI2Kb76VDTNVZxjtj4m2kGSbs7-hTEvIJ3NQ2ebMAVS10TlALFsy9-R9xNnmTCbi6voDpXEKkSHmB1FXU4h0CkmnYOoKJL9HAMZx6jSy0Y1TStf00gOWdmxL5v_5G7Juyfz9J5CN7iylctU-q9KykCozWE0ayNUp5MoUebmNYs2CrLfBivch-S_EeeogstGt11Ulh3Yl9BCS7zzj-Q53-06yEAWRsxBQny7Egg4WBm4iPDfyI2_g7QUlkymomUNpLJTSQplYKHMLI75jB84gYC71wyTibNEJaBBwETvRwHMcGrFFlKxzsI4iXwdL18H0ZeT6vS-4vyj8mAVjiqH8qCXkqg9dbsFcbGC4BVMQVLxBLQhqQ1BTgloS1AVBXTXXeWo809zgqSljd9a9WfebiSpWxvS6KlZERkD1OjRvNmT-rrkCVjw0WUsMn6gOaFw0ExrzZpzvkse6sK2beY2h2LF9j9OExUnIwzAKWd8PaZ8yxryQc0dQH0Y2kGYO1FhYky1ZXnwJuWzJ4Q-3ENNtmHQbTD4KWrqgdQN6scFadmcoOJWxGoq8x9QIXDXIi3kUl6xxuksOTZbPLW3tvfqF33-CYHfJrMB0g1w3eEf-SLCSXpssq5psLKvakK9P54UcyTXaXcTZghbi4VtviEu10vzEMbN-82XWEd14-5wwxUmacZmtGPLlkuRc6ONKM0G-O2HOi_hMaS4ulTor85NnXjl-YpRrYYxU2RRUtuTAXx-AyZYc-v7zvWvvP_cnWH4ZJt_XaRRBnFtIJUEq9r_TuIH5zx7vz2NzDSt6HrS4gmzUoNINqrQBTddhygOTItd3X_z5064-Q5zOT-JUz2_
EqU4_3supg287-KElF377FUbu2H0v9sPBIBRJyBOf-57Po74jooBGYRAFfRSmlU9_c-_fAAAA__-gEfXenwQAAA== HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 2dd8d9577769498577fd17ac0fd50809\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native 
applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":224,"timings":{"blocked":125,"dns":0,"connect":0,"send":0,"wait":99,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RSvW8c1Rd945_1K5KCjyBoR4iCILyZrx3vkAIwIRARksgJSoFSvHnvjfPY2XnDe_PhuApEiiIKtEgUQMPsWScmIYqgoEJEYU2DIoEyBcJF3PAXICRqNM5Khluce--cKc45716dlLvER0l3zrytNmSa0iP9nmM_f15mXNXGPnXOdp2ec9Q-L7MwOGqvd6Crl1w_6DmH7TcEG6ojnuM6juu49nGpRaLWj-yxkPntyO1FTi_wem4_wLr-725KC4Za4NUueRKSt4_9kbwLyWbIRt8cE2ZYqPzF10dlSgulUfGtd7JhpuoMo_0x0RaSbGv-N5RpCflsASrbmjuAqjY7B4hlSxaefog425rLRFxdf6Q0TiEyxPwg6moGkc4g6QxMXYHkDwjAOE6dRja6cUrpml56xNKObcni339B1i1ZfPgUstGdlVSu22dVWhZSZQbrSQO5PoNcmyEvt1FsWJD1NljxIST_hTjPHEQ2uvWmquTQroQeQvKd5zzf4W7fSZaiIHKWAurTpVjQwdLATYTnRn7kDby9oGQyAzULKI2FUlooEwtlbmHEd-zAGQTMpX6YRJwtOwENAi5iJxp4jkMjtoySdQ7GKPIxWDoG05eR6w--4v6y8GMWTCiG8pOWkKs-dHkP5mIDwy2YgqDiDWpBUBuCmhLUkqAuCOqquc5T45nmBk9NGbvz7s2730xVsTah11WxJjICqsfQvNmU-fvmCljxv-lGYvhUdUDjopnSmDeTfJc80YVt3cxrDMWO7XucJixOQh6GUcj6fkj7lDHmhZw7gvowsoE0C6DGwoZsyeryK8hlSw5_fA8x3YZJt8Hk46ClC1o3oBcbbGR3hoJTGauhyHtMjcBVg7xYRHHJmqS75NB09dzKvb1Xv_D7XQh2n8wLTDfIdYP35E8Ea-m16aqqyeaqqg359nReyJHcoN1FnC1oIf5_6y1xqVaanzhmxjdfZR3RjbfPCVOcpBmX2ZohX69IzoU-rjQT5IcT5ryIz5Tm4kqpszI_eea14ydGuRbGSJXNQGVLDvz5EZhsyaG7X-5de_-FXbD8Mky-r9Mogji3kEqCVOx_p3ED86893p8n5hrW9CJocQXZqEGlG1RpA5qOYcoD0yLX91_--fOuvkCcLk7jVC9uxqlOP93LqYMfO_i-JRd--xVG7th9L_bDwSAUScgTn_uez6O-I6KARmEQBX0UppXPfvfgnwAAAP__1vVkyp8EAAA=","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.491Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSvW8c1Rd945_1K5KCjyBoR4iCILyZrx3vkAIwIRARksgJSoFSvHnvjfPY2XnDe_PhuApEiiIKtEgUQMPsWScmIYqgoEJEYU2DIoEyBcJF3PAXICRqNM5Khluce--cKc45716dlLvER0l3zrytNmSa0iP9nmM_f15mXNXGPnXOdp2ec9Q-L7MwOGqvd6Crl1w_6DmH7TcEG6ojnuM6juu49nGpRaLWj-yxkPntyO1FTi_wem4_wLr-725KC4Za4NUueRKSt4_9kbwLyWbIRt8cE2ZYqPzF10dlSgulUfGtd7JhpuoMo_0x0RaSbGv-N5RpCflsASrbmjuAqjY7B4hlSxaefog425rLRFxdf6Q0TiEyxPwg6moGkc4g6QxMXYHkDwjAOE6dRja6cUrpml56xNKObcni339B1i1ZfPgUstGdlVSu22dVWhZSZQbrSQO5PoNcmyEvt1FsWJD1NljxIST_hTjPHEQ2uvWmquTQroQeQvKd5zzf4W7fSZaiIHKWAurTpVjQwdLATYTnRn7kDby9oGQyAzULKI2FUlooEwtlbmHEd-zAGQTMpX6YRJwtOwENAi5iJxp4jkMjtoySdQ7GKPIxWDoG05eR6w--4v6y8GMWTCiG8pOWkKs-dHkP5mIDwy2YgqDiDWpBUBuCmhLUkqAuCOqquc5T45nmBk9NGbvz7s2730xVsTah11WxJjICqsfQvNmU-fvmCljxv-lGYvhUdUDjopnSmDeTfJc80YVt3cxrDMWO7XucJixOQh6GUcj6fkj7lDHmhZw7gvowsoE0C6DGwoZsyeryK8hlSw5_fA8x3YZJt8Hk46ClC1o3oBcbbGR3hoJTGauhyHtMjcBVg7xYRHHJmqS75NB09dzKvb1Xv_D7XQh2n8wLTDfIdYP35E8Ea-m16aqqyeaqqg359nReyJHcoN1FnC1oIf5_6y1xqVaanzhmxjdfZR3RjbfPCVOcpBmX2ZohX69IzoU-rjQT5IcT5ryIz5Tm4kqpszI_eea14ydGuRbGSJXNQGVLDvz5EZhsyaG7X-5de_-FXbD8Mky-r9Mogji3kEqCVOx_p3ED86893p8n5hrW9CJocQXZqEGlG1RpA5qOYcoD0yLX91_--fOuvkCcLk7jVC9
uxqlOP93LqYMfO_i-JRd--xVG7th9L_bDwSAUScgTn_uez6O-I6KARmEQBX0UppXPfvfgnwAAAP__1vVkyp8EAAA= HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 7c223b953b753197ac8cd23336e18f1f\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native 
applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":253,"timings":{"blocked":153,"dns":0,"connect":0,"send":0,"wait":100,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RSv28cRRiddSyKpOBHELQrREEQvuyvW9-SAjAhEBGSyAlKgVLMzsw6w-3tLDP7w3EViBRFFMhIFEDD3jsnJiGKoKBBAlnnNCgSKFsgjBQ3_AUIiRqtc5LhK77vffu2eO_Nd21c7hIfJd05-45ak2lKj_Z7jv3CBZlxVRv79HnbdXrOMfuCzMLgmL3aNV297PpBzzlivynYUB31HNdxXMe1T0gtErV6dI-FzO9Ebi9yeoHXc_sBVvX_d1NaMNQCr3bJU5C8ffzP5D1INkU2-va4MMNC5S-9MSpTWiiNim--mw0zVWcY7cNEW0iyzdnfUKYl5PM5qGxz5gCq2ugcIJYtmXvmIeJscyYTcXXjkdI4hcgQ80OoqylEOoWkUzB1FZI_IADjOH0G2ejmaaVrevkRSzu2JfP__A1Zt2T-4dPIRneXUrlqn1NpWUiVGawmDeTqFHJlirzcRrFmQdbbYMVHkPwX4jx7CNno9luqkkO7EnoIyXee93yHu30nWYiCyFkIqE8XYkEHCwM3EZ4b-ZE38PaCkskU1MyhNBZKaaFMLJS5hRHfsQNnEDCX-mEScbboBDQIuIidaOA5Do3YIkrWOVhHka-Dpetg-gpy_eHX3F8UfsyCMcVQftoScs2HLrdgLjUw3IIpCCreoBYEtSGoKUEtCeqCoK6aGzw1nmlu8tSUsTub3mz6zUQVK2N6QxUrIiOgeh2aNxsy_8BcBSsOTNYSwyeqazQumgmNeTPOd8mTXdjWrbzGUOzYvsdpwuIk5GEYhazvh7RPGWNeyLkjqA8jG0gzB2osrMmWLC--ily25MgnW4jpNky6DSafAC1d0LoBvdRgLbs7FJzKWA1F3mNqBK4a5MU8isvWON0lhyfL55e29l794u8_QLD7ZFZgukGuG7wv7xGspNcny6omG8uqNuS7M3khR3KNdhdxrqCFeOz22-JyrTQ_edys33qNdUQH75wXpjhFMy6zFUO-WZKcC31CaSbIjyfNBRGfLc2lpVJnZX7q7OsnTo5yLYyRKpuCypYc_OtjMNmSwz99tXft_Rf_AMuvwOT7Oo0iiPMDSCVBKva_07iB-c8e7-OxuY4VPQ9aXEU2alDpBlXagKbrMOXBSZHr-6_8_EVXXyJO5ydxquc34lSnn3U53WvJxd9-3Uusa1MYuWP3vdgPB4NQJCFPfO57Po_6jogCGoVBFPRRmFY-9_2DfwMAAP__z5Gbo58EAAA=","fqdn":"foldingcutleryhelium
.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.510Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSv28cRRiddSyKpOBHELQrREEQvuyvW9-SAjAhEBGSyAlKgVLMzsw6w-3tLDP7w3EViBRFFMhIFEDD3jsnJiGKoKBBAlnnNCgSKFsgjBQ3_AUIiRqtc5LhK77vffu2eO_Nd21c7hIfJd05-45ak2lKj_Z7jv3CBZlxVRv79HnbdXrOMfuCzMLgmL3aNV297PpBzzlivynYUB31HNdxXMe1T0gtErV6dI-FzO9Ebi9yeoHXc_sBVvX_d1NaMNQCr3bJU5C8ffzP5D1INkU2-va4MMNC5S-9MSpTWiiNim--mw0zVWcY7cNEW0iyzdnfUKYl5PM5qGxz5gCq2ugcIJYtmXvmIeJscyYTcXXjkdI4hcgQ80OoqylEOoWkUzB1FZI_IADjOH0G2ejmaaVrevkRSzu2JfP__A1Zt2T-4dPIRneXUrlqn1NpWUiVGawmDeTqFHJlirzcRrFmQdbbYMVHkPwX4jx7CNno9luqkkO7EnoIyXee93yHu30nWYiCyFkIqE8XYkEHCwM3EZ4b-ZE38PaCkskU1MyhNBZKaaFMLJS5hRHfsQNnEDCX-mEScbboBDQIuIidaOA5Do3YIkrWOVhHka-Dpetg-gpy_eHX3F8UfsyCMcVQftoScs2HLrdgLjUw3IIpCCreoBYEtSGoKUEtCeqCoK6aGzw1nmlu8tSUsTub3mz6zUQVK2N6QxUrIiOgeh2aNxsy_8BcBSsOTNYSwyeqazQumgmNeTPOd8mTXdjWrbzGUOzYvsdpwuIk5GEYhazvh7RPGWNeyLkjqA8jG0gzB2osrMmWLC--ily25MgnW4jpNky6DSafAC1d0LoBvdRgLbs7FJzKWA1F3mNqBK4a5MU8isvWON0lhyfL55e29l794u8_QLD7ZFZgukGuG7wv7xGspNcny6omG8uqNuS7M3khR3KNdhdxrqCFeOz22-JyrTQ_edys33qNdUQH75wXpjhFMy6zFUO-WZKcC31CaSbIjy
fNBRGfLc2lpVJnZX7q7OsnTo5yLYyRKpuCypYc_OtjMNmSwz99tXft_Rf_AMuvwOT7Oo0iiPMDSCVBKva_07iB-c8e7-OxuY4VPQ9aXEU2alDpBlXagKbrMOXBSZHr-6_8_EVXXyJO5ydxquc34lSnn3U53WvJxd9-3Uusa1MYuWP3vdgPB4NQJCFPfO57Po_6jogCGoVBFPRRmFY-9_2DfwMAAP__z5Gbo58EAAA= HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 4\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 3d1266d6bc3a47fc16b4982e17af426e\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy 
and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":341,"timings":{"blocked":234,"dns":0,"connect":0,"send":0,"wait":107,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RSzY8U1Rd9Nb_JbwELPzC6rRgXYpymvrqmSxbqiCgRgQwYFobFq_deDc-urle-Vx_DrFASQlyYNnGhbqw-PTCChOjCJYT0sDEkGmphnAWz8S8wJq5NDZ2M3sW959apxTnn3auTcpf4KOnOmffVhkxTeqTfc-yXz8uMq9rYp87ZrtNzjtrnZRYGR-31runqNdcPes5h-x3BhuqI57iO4zqufVxqkaj1I3ssZH47cnuR0wu8ntsPsK7_u5vSgqEWeLVLnoXk7VN_JB9Cshmy0Q_HhBkWKn_17VGZ0kJpVHzrg2yYqTrDaB8m2kKSbc3_hjItIV8tQGVbcwdQ1WbnALFsycLzjxFnW3OZiKvrT5TGKUSGmB9EXc0g0hkknYGpK5D8EQEYx6nTyEY3Tild00tPWNqxLVn8-y_IuiWLj59DNrqzksp1-6xKy0KqzGA9aSDXZ5BrM-TlNooNC7LeBis-heS_EOeFg8hGt95VlRzaldBDSL7zkuc73O07yVIURM5SQH26FAs6WBq4ifDcyI-8gbcXlExmoGYBpbFQSgtlYqHMLYz4jh04g4C51A-TiLNlJ6BBwEXsRAPPcWjEllGyzsEYRT4GS8dg-jJy_cl33F8WfsyCCcVQftESctWHLu_DXGxguAVTEFS8QS0IakNQU4JaEtQFQV0113lqPNPc4KkpY3c-vfn0m6kq1ib0uirWREZA9RiaN5sy_9hcASv-N91IDJ-qrtG4aKY05s0k3yXPdGFbN_MaQ7Fj-x6nCYuTkIdhFLK-H9I-ZYx5IeeOoD6MbCDNAqixsCFbsrr8BnLZksOf30dMt2HSbTD5NGjpgtYN6MUGG9mdoeBUxmoo8h5TI3DVIC8WUVyyJukuOTRdPbdyf-_VL_x-F4I9JPMC0w1y3eAj-YBgLb02XVU12VxVtSE_ns4LOZIbtLuIswUtxP9vvScu1UrzE8fM-OabrCM6ePucMMVJmnGZrRny_YrkXOjjSjNB7p4w50V8pjQXV0qdlfnJM28dPzHKtTBGqmwGKlty4M_PwGRLDt37du_a-688Bssvw-T7Oo0iiPMFpJIgFfvfadzA_GuP9_HEXMOaXgQtriAbNah0gyptQNMxTHlgWuT64es_f93VN4jTxWmc6sXNONXpl11OD_bC6tq9llz47VcYuWP3vdgPB4NQJCFPfO57Po_6jogCGoVBFPRRmFa--NOjfwIAAP__Rkkb458EAAA=","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.532Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSzY8U1Rd9Nb_JbwELPzC6rRgXYpymvrqmSxbqiCgRgQwYFobFq_deDc-urle-Vx_DrFASQlyYNnGhbqw-PTCChOjCJYT0sDEkGmphnAWz8S8wJq5NDZ2M3sW959apxTnn3auTcpf4KOnOmffVhkxTeqTfc-yXz8uMq9rYp87ZrtNzjtrnZRYGR-31runqNdcPes5h-x3BhuqI57iO4zqufVxqkaj1I3ssZH47cnuR0wu8ntsPsK7_u5vSgqEWeLVLnoXk7VN_JB9Cshmy0Q_HhBkWKn_17VGZ0kJpVHzrg2yYqTrDaB8m2kKSbc3_hjItIV8tQGVbcwdQ1WbnALFsycLzjxFnW3OZiKvrT5TGKUSGmB9EXc0g0hkknYGpK5D8EQEYx6nTyEY3Tild00tPWNqxLVn8-y_IuiWLj59DNrqzksp1-6xKy0KqzGA9aSDXZ5BrM-TlNooNC7LeBis-heS_EOeFg8hGt95VlRzaldBDSL7zkuc73O07yVIURM5SQH26FAs6WBq4ifDcyI-8gbcXlExmoGYBpbFQSgtlYqHMLYz4jh04g4C51A-TiLNlJ6BBwEXsRAPPcWjEllGyzsEYRT4GS8dg-jJy_cl33F8WfsyCCcVQftESctWHLu_DXGxguAVTEFS8QS0IakNQU4JaEtQFQV0113lqPNPc4KkpY3c-vfn0m6kq1ib0uirWREZA9RiaN5sy_9hcASv-N91IDJ-qrtG4aKY05s0k3yXPdGFbN_MaQ7Fj-x6nCYuTkIdhFLK-H9I-ZYx5IeeOoD6MbCDNAqixsCFbsrr8BnLZksOf30dMt2HSbTD5NGjpgtYN6MUGG9mdoeBUxmoo8h5TI3DVIC8WUVyyJukuOTRdPbdyf-_VL_x-F4I9JPMC0w1y3eAj-YBgLb02XVU12VxVtSE_ns4LOZIbtLuIswUtxP9vvScu1UrzE8fM-OabrCM6ePucMMVJmnGZrRny_YrkXOjjSjNB7p4w50V8pjQXV0qdlfnJM28dPzHKtTBGqmwGKlty4M_PwGRLDt37du_a-688Bssvw-T7Oo0iiPMFpJIgFfvfadzA_GuP9_HEXMOaXgQtriAbNah0gyptQNMxTHlgWuT64es_f93VN4jTxWmc6sX
NONXpl11OD_bC6tq9llz47VcYuWP3vdgPB4NQJCFPfO57Po_6jogCGoVBFPRRmFa--NOjfwIAAP__Rkkb458EAAA= HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 46d3d9d95a7afc3edb63e6570d19d603\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":426,"timings":{"blocked":328,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/themes/retrotube/style.css?ver=1.11.0.1763068703","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:47.711Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/themes/retrotube/style.css?ver=1.11.0.1763068703 HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:47 GMT\r\ncontent-type: text/css\r\ncontent-length: 13428\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 30 Nov 2025 07:20:47 GMT\r\netag: \"1276c-69164b1f-182ab1;br\"\r\nlast-modified: Thu, 13 Nov 2025 21:18:23 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eV1oTommEUZKKJYQPRrdrQ0TfGwx%2BEloPobBFpbNH%2F6XShtDLZcAGUwG%2Bnxp6IBORHIFF%2Bton8DD6Yd67G36BNCA4QK50S9BofP%2BhQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee7f21dd256a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":75628,"size_decoded":0,"mime_type":"text/css","magic":"assembler source, ASCII text","md5":"56d169d46923346cbb41e3dc7b65ea6c","sha1":"ffb38391a87f4d110538d1044e0b68ecff8330a0","sha256":"cfee2cf20fbfdf7033667b01f01ec6a53017771307433e3186c1bcb3b16d22d0","sha512":"68231f934b30d92dc7e23637cd5e7042db05c067244b91812635261983b30fa1c4cde35498ffd59a6a52dd822aa133f35cd1d3cf69069abc57c1e9f7159181e0","ssdeep":"1536:M+vfevN5dCJil/zinqEqFkQi00NtIhjwU3zl0oyEjG/2WmM1/S/5s5DX3F/Is5Du:M+3QNWJil/ziB00jKl0KyrWixLO","tlshash":"30737465af141c44932bc2a9afd5e750c63e4051df0f0edff099a528d38a69502bff8a","first_seen":"2025-11-14T04:23:09.402399Z","last_seen":"2026-05-29T14:23:29.4348Z","times_seen":102,"resource_available":false,"data":null}},"time_used":105,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":103,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pl27982089.effectivegatecpm.com/89/d6/f1/89d6f1c80b1e0bbfc99e7ec523be338e.js","fqdn":"pl27982089.effectivegatecpm.com","domain":"effectivegatecpm.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:47.736Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"effectivegatecpm.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 07 Oct 2025 14:07:36 GMT","end":"Mon, 05 Jan 2026 14:07:35 GMT"},"fingerprint":{"sha1":"4C:76:9C:94:6C:42:34:72:A0:D2:AB:83:41:4F:50:A7:86:B9:29:0E","sha256":"51:E9:3D:E7:55:E3:07:4E:B1:52:4B:31:49:6B:73:49:75:A8:2B:47:1F:1C:38:82:10:F3:DF:F5:9C:F3:88:6B"}}},"request":{"raw":"GET /89/d6/f1/89d6f1c80b1e0bbfc99e7ec523be338e.js HTTP/1.1\r\nHost: pl27982089.effectivegatecpm.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:48 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 31772\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: 
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: pl27982089.effectivegatecpm.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 3e7661e10fe4f97f56c60e80eee2ad68\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":81581,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line 
terminators","md5":"9dab838086d6424ba6650c38bcb951ff","sha1":"9695d15aa4eb8db8605d8b35d3ba48e10ef5974b","sha256":"17d529aeb367cf2039aed74d498cf25a2a12861f9aae4d0055c3283132164583","sha512":"d2da7d5ed6981fe22a48937a9d756a29a30b701425608a1284b26cb892cd8e5284d9cb0733df28b1813191647d77816248136b8bb38675e45da41677b529644a","ssdeep":"1536:T6tuuYKb5yrHvXp2mbVKBw591hyGoitf68hK3vZEvF:TmnYKb5QEmbV11hyG5tinZE9","tlshash":"2183e6883f51b09903d76077222feb8bf12edc10109ee444d623e5d97b6834ae5bbe65","first_seen":"2025-11-23T07:21:30.096787Z","last_seen":"2025-11-23T07:21:30.096787Z","times_seen":1,"resource_available":true,"data":null}},"time_used":524,"timings":{"blocked":-1,"dns":47,"connect":94,"send":0,"wait":101,"receive":94,"ssl":188},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"pl27982089.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"pl27982089.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"pl27982089.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"pl27982089.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.highperformanceformat.com/9bc8b6a0f162da8d7a0d1e3abeaaf9d3/invoke.js","fqdn":"www.highperformanceformat.com","domain":"highperformanceformat.com","tld":"com"},"ip":{"addr":"172.240.127.242","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.328Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"highperformanceformat.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 10 Oct 2025 22:02:13 GMT","end":"Thu, 08 Jan 2026 22:02:12 GMT"},"fingerprint":{"sha1":"77:A0:FB:EB:5C:7E:49:7D:87:94:CB:C5:AB:72:11:AE:6F:98:F7:81","sha256":"A3:92:D0:6C:23:66:83:18:50:AC:6C:E2:27:1F:6A:82:CE:FC:2B:6B:7E:B7:B3:EA:B9:6A:56:B2:EC:04:AF:40"}}},"request":{"raw":"GET /9bc8b6a0f162da8d7a0d1e3abeaaf9d3/invoke.js HTTP/1.1\r\nHost: www.highperformanceformat.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:48 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 18536\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: www.highperformanceformat.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 8164487e38310330b388012bffe375ad\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":46502,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (46502), with no line terminators","md5":"6a551666508e3a458709d9dd42d7d132","sha1":"f52547bc09c5e716cfae1336918298f84fa40da7","sha256":"d98b6e36ea434011b53cc6f7ae61d84c6d6269685ff014459603fe878dbc0862","sha512":"31c4360e503ad2e0370085cbae56ea479c2b8eb8daeb176a35b940e8dfc57d51536e4dc758a4037cb5e8645be31f4638d2f5e7d86464f095a1e7125878ad48ca","ssdeep":"768:+t9VtXvZi5DpYscQ7V1UQeUMa1Y/D56JCZ/l1t:c9VtXvZYD6s/7V1Pela1Y/oJCZt1t","tlshash":"f523e88a3f91f05d83da317732af900bf85e4c966188d044e543b4b4effa36ae536a14","first_seen":"2025-11-23T07:21:30.098979Z","last_seen":"2025-11-23T07:21:30.098979Z","times_seen":1,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":94,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.590Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:40:35 GMT","end":"Tue, 27 Jan 2026 23:40:34 GMT"},"fingerprint":{"sha1":"AA:22:33:AC:0A:FC:0D:31:C5:9F:92:99:20:7A:02:E4:46:E3:08:8C","sha256":"72:5A:79:00:74:D1:90:EF:9A:D3:3F:01:E6:E5:14:1D:41:4F:F2:28:D3:FD:4C:AA:70:DE:D8:BE:C2:15:3F:EE"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: 
nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:48 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32181\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: a933bbcdb1837aa8c34c7333ad3187bc\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":85379,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line 
terminators","md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-06-10T02:25:10.749544Z","times_seen":18512,"resource_available":true,"data":null}},"time_used":152,"timings":{"blocked":-1,"dns":39,"connect":17,"send":0,"wait":28,"receive":18,"ssl":47},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat 
Feed","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fcss%2Fstyle.css\u0026l=6387\u0026fd=563","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:50.242Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fcss%2Fstyle.css\u0026l=6387\u0026fd=563 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: 
ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.lgpn5CWqMIQOnAcJWQj2BoFLhkbKonZlINzdYlOyigo; uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=2; pdhtkv27=true; uncs27=1; u_pl27881585=1; pdhtkv23=true; uncs23=1; u_pl27881589=1; pdhtkv29=true; uncs29=1; u_pl27881590=1; slec89d6f1c80b1e0bbfc99e7ec523be338e=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:50 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":97,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 
Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/uploads/2025/08/cropped-Logo-192x192.png","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:50.438Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/uploads/2025/08/cropped-Logo-192x192.png HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nCookie: _ga_3E31P8KF13=GS2.1.s1763882448$o1$g0$t1763882448$j60$l0$h0; _ga=GA1.1.1454402186.1763882448; dom3ic8zudi28v8lr6fgphwffqoz0j6c=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1; pp_main_8e2c5d0a9e14a08bcedae6c1b8957fa4=1; sb_main_89d6f1c80b1e0bbfc99e7ec523be338e=1; 
sb_count_89d6f1c80b1e0bbfc99e7ec523be338e=1; m5a4xojbcp2nx3gptmm633qal3gzmadn=foldingcutleryhelium.com; pbpr0tpuw4isk85t8yg3jb2lj5vqf=kettledroopingcontinuation.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:50 GMT\r\ncontent-type: image/png\r\ncontent-length: 5474\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 30 Nov 2025 07:20:50 GMT\r\netag: \"1562-6908fce7-17b6b1;;;\"\r\nlast-modified: Mon, 03 Nov 2025 19:05:11 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\npriority: u=6,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BhSwpoz%2BhsbAzqpixR5wpicaqEm%2BV1bQgVtbQXU8RqLy9LMWyiqY4IRFOrvq3CLotl3A0ZyxPuqz8dLqfsS%2BjzysD4phEmyQHt0WQQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee8033fd556a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress 
plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":5474,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit colormap, non-interlaced","md5":"6eb1a6614007c7077c1fe0be304997b3","sha1":"d93f0da55b454f791f82106ddc85c6d964b65c3f","sha256":"33dee2ac9c0fdcc7e3696c2f000e75e6803f119ed7f5598681f59d9be2761611","sha512":"c15ed21d0bb06c86a82f0af61f86b4d76b28b5fa4e1fc795e1a8b1b2660d5480fcdf8849e0065ae6312db32d20451c739296281c6eaec23f386c8c14bb69f87d","ssdeep":"96:Ixj5chzvW4w4KsKpuLcYlZzHgakxyszfn7fXOgDYejlyQ4a2fS7adEVZhZepJByW:Ixjuw4tK/puAY3HuxtHPOgVQBa2/dzHz","tlshash":"34b18df6f9783590da22d731ecc16a15a670247c398c82e7c206d87a1b530c3ee02ab7","first_seen":"2025-11-23T07:21:30.101853Z","last_seen":"2026-01-21T06:24:16.157181Z","times_seen":2,"resource_available":false,"data":null}},"time_used":59,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":58,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/impr.gif?sid=H4sIAAAAAAAC_1RTz48URRSuXjjBwV9ETyYd9ADRHfrX7HRLDLgiSkQgC4aDB62uqt4tp6erreofy56IRMLJDDcPHnq-GXYFCdGDR-Nm1tsmJowHswc2JvwDJhrPZmYnIb7De6-_r1P5vlevbg_KfeKjpHtXPlIbMk3pqXbLsU9clxlXtbEvXbNdp-Wctq_LbCk4ba9Pk67ecv2g5Zy03xesq055jus4ruPa56UWiVo_NWMh84eR24qcVuC13HaAdf3_b1MuwFALvNonL0LyyXNPk08g2RhZ74dzwnQLlb_5Xq9MaaE0Kr71cdbNVJ2h96xNtIUk25r_DWUmhHyzAJVtzR1AVaOpA8RyQhZefoI425rLRFzdO1AapxAZYn4UdTWGSMeQdAymbkHyxwRgHJcuI-ttXlK6pjcOWDplJ-Twv39D1hNy-MkxZL1Hy6lct6-qtCykygzWkwZyfQy5OkZe7qDYsCDrHbDiS0j-G3FeOYqs9-ADVcmuXQndheR7r3u-w922kyxGQeQsBtSni7Gg4WLoJsJzIz_yQm82KJmMQc0CSmOhlBbKxEKZW-jxPTtwwoC51F9KIs46TkCDgIvYiULPcWjEOijZ1EEfRd4HS_tg-qvNnK8V3WpU6FKMyoyZgfvdAeR1ZuDmFPQ6A_dh-Wmeep0wdNthe-Ai1zfRlXcnhNz2octtmLUGhlswBUHFG9SCoDYENSWoJUFdENRVc4-nxjPNJk9NGbvz6s2r3wxVsTqg91SxKjICqvvQvBnJ_AtzC6w4NNxIDB-qaaJx0QxpzJtBvk9emF6NdT-v0BV7dhjxpcRloRO7wonjhEWR6AjW9vxY-H4oYGQDaRZAjYUNOSErnbPI5YSc_HobMd2BSXfA5POg5augdQO61mAje9QVnMpYdUXeYqoHrhrkxWEUN6xBuk9eGq5cW96e7chn545DsF0yDzDdINcNPpe_Eqymd4YrqiajFVUb8uPlvJA9uUGn-3O1oIWwHnwobtRK8wvnTP_-O2xKTNuH14QpLtKMy2zVkO-XJedCn1eaCfLzBXNdxFdKs7Zc6qzML1559_yFXq6FMVJlY1A5IUe-fQNMTsixE2dmb6P9z59g-U2YfPfMU38WMIogzi2kkiAVz_TTuIERu2ePvfbHkbfzEWKx-8tfB9zA3MGqtkCLW8h6DSrdoEob0LQPUx4aFrnePfP7_Pw4tYZxqq1RnOr07sGcjNyzE194zHHCzpLrh4lw_YCzpB0GEV-iju8LFGYij__0-L8AAAD__yveHXm-BAAA","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:50.684Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RTz48URRSuXjjBwV9ETyYd9ADRHfrX7HRLDLgiSkQgC4aDB62uqt4tp6erreofy56IRMLJDDcPHnq-GXYFCdGDR-Nm1tsmJowHswc2JvwDJhrPZmYnIb7De6-_r1P5vlevbg_KfeKjpHtXPlIbMk3pqXbLsU9clxlXtbEvXbNdp-Wctq_LbCk4ba9Pk67ecv2g5Zy03xesq055jus4ruPa56UWiVo_NWMh84eR24qcVuC13HaAdf3_b1MuwFALvNonL0LyyXNPk08g2RhZ74dzwnQLlb_5Xq9MaaE0Kr71cdbNVJ2h96xNtIUk25r_DWUmhHyzAJVtzR1AVaOpA8RyQhZefoI425rLRFzdO1AapxAZYn4UdTWGSMeQdAymbkHyxwRgHJcuI-ttXlK6pjcOWDplJ-Twv39D1hNy-MkxZL1Hy6lct6-qtCykygzWkwZyfQy5OkZe7qDYsCDrHbDiS0j-G3FeOYqs9-ADVcmuXQndheR7r3u-w922kyxGQeQsBtSni7Gg4WLoJsJzIz_yQm82KJmMQc0CSmOhlBbKxEKZW-jxPTtwwoC51F9KIs46TkCDgIvYiULPcWjEOijZ1EEfRd4HS_tg-qvNnK8V3WpU6FKMyoyZgfvdAeR1ZuDmFPQ6A_dh-Wmeep0wdNthe-Ai1zfRlXcnhNz2octtmLUGhlswBUHFG9SCoDYENSWoJUFdENRVc4-nxjPNJk9NGbvz6s2r3wxVsTqg91SxKjICqvvQvBnJ_AtzC6w4NNxIDB-qaaJx0QxpzJtBvk9emF6NdT-v0BV7dhjxpcRloRO7wonjhEWR6AjW9vxY-H4oYGQDaRZAjYUNOSErnbPI5YSc_HobMd2BSXfA5POg5augdQO61mAje9QVnMpYdUXeYqoHrhrkxWEUN6xBuk9eGq5cW96e7chn545DsF0yDzDdINcNPpe_Eqymd4YrqiajFVUb8uPlvJA9uUGn-3O1oIWwHnwobtRK8wvnTP_-O2xKTNuH14QpLtKMy2zVkO-XJedCn1eaCfLzBXNdxFdKs7Zc6qzML1559_yFXq6FMVJlY1A5IUe-fQNMTsixE2dmb6P9z59g-U2YfPfMU38WMIogzi2kkiAVz_TTuIERu2eP
vfbHkbfzEWKx-8tfB9zA3MGqtkCLW8h6DSrdoEob0LQPUx4aFrnePfP7_Pw4tYZxqq1RnOr07sGcjNyzE194zHHCzpLrh4lw_YCzpB0GEV-iju8LFGYij__0-L8AAAD__yveHXm-BAAA HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzg4MTU4OSwiayI6IjU0N2Q4ZmQzYmY1ZWNhNDU5MTIzZGYyOWQ2MGFlMTIwIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1Mzg4MDk2LCJwaWQiOjI3MjM1MjAsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MjMsInB0Ijo0LCJwayI6IndkcXc0eGlycTMiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6MjY2NTYxMTE1LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTM2OTI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEzNC4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8va2VkYWlib2tlcC5jb20vdGFnL29mZmljaWFsMWF1cmFhLyIsImFyIjpbXX19.lgpn5CWqMIQOnAcJWQj2BoFLhkbKonZlINzdYlOyigo; uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=2; pdhtkv27=true; uncs27=1; u_pl27881585=1; pdhtkv23=true; uncs23=1; u_pl27881589=1; pdhtkv29=true; uncs29=1; u_pl27881590=1; slec89d6f1c80b1e0bbfc99e7ec523be338e=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:50 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: 
*\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nset-cookie: iprc_l+e36c6b5c2ebee8848a1ea5cdee2bad96=6308898; expires=Mon, 24 Nov 2025 07:20:50 GMT; path=/; secure; SameSite=None\niprc_l:6308898=1; expires=Mon, 24 Nov 2025 07:20:50 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 3\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 8ac8c7ccbba9e0ef6db301c40a2f2498\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":97,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 
Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/themes/retrotube/assets/js/lazyload.js?ver=1.0.0","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:47.730Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/themes/retrotube/assets/js/lazyload.js?ver=1.0.0 HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:47 GMT\r\ncontent-type: 
text/javascript\r\ncontent-length: 2036\r\netag: \"167b-69164b1f-182a79;br\"\r\nlast-modified: Thu, 13 Nov 2025 21:18:23 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BxBKpCLAODS%2BLj%2B8ZH8u6J0s2g7S9G8fFd3032wpMMwusdx4zkmNr9sBPr9A%2FtblcHX4cH3Obi3RJzGBBF2VCaGIvQ6w800iNtWJ5Q%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee7f22de056a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":5755,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (5710)","md5":"6dcca58db348f35d6eee39aadb7cd280","sha1":"0a513a0ebed60f4b0b4d69f7aaf519feaadbfaec","sha256":"2683c87843149db588b42abb7ef80b2815438fc44b368e1a855983f93ae431e4","sha512":"ee897cdc326f80eb18c74b3c42fe1b97b3b16c0be8f048a763cb33db134fa47dc2eb07bc1ba6cd8feb91385d791aa89a28816fd49217a57763dc54df1ef3693e","ssdeep":"96:IncwFK9HqOq0tioGJULBx7PYuyrr5VrcAeS1h3osyTaZ+1KZZ/p5k1QDSYRV9uR5:M9YH9qfJ2x7PYf5BcVSPfq+DkGDjP9u/","tlshash":"5fc15308b065b43f65777032523f130bb23a606778884494f6b4eae99ebc81e5923f7d","first_seen":"2023-03-07T12:12:33Z","last_seen":"2026-06-10T00:06:15.427032Z","times_seen":3941,"resource_available":true,"data":null}},"time_used":104,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":104,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"3.125.70.62","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.306Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"traffinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"11:9F:BE:35:27:7B:7B:85:C9:B3:FF:0E:CA:F6:0D:13:B0:A9:A0:BB","sha256":"81:A4:38:32:0D:BC:66:C8:7B:6D:08:BC:93:91:76:73:A2:BD:D0:53:3C:BF:2F:FD:B8:87:00:C6:EC:3B:6C:77"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://kedaibokep.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:48 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://kedaibokep.com\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: 
uid_id2=602fe8be-bb73-4470-80af-710054584f05:1:1; expires=Wed, 21 Nov 2035 07:20:48 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"2d23c4f781703e9c0d0c85023961a21f","sha1":"113fa3f4ccb0b370cef72bd93ac3c980d4dff4b0","sha256":"5967fc544a1c9ac23bfcd279f983713e9b828c5e3fe92fb91748c91e480fe301","sha512":"79170ae18b4b81c2e4a33b14dce6e0a5fce6afee3d51294823d8168c3e39b3e0e2ad4eb6f6e3c56877881b1d7159ac31987f0251309ccabd5debf72af306c640","ssdeep":"","tlshash":"3b9004c41c757c413155c0140100cf0c7d0414101d01101c03ccdd10c73c051303531c","first_seen":"2025-11-23T07:21:30.104787Z","last_seen":"2025-11-23T07:21:30.104787Z","times_seen":1,"resource_available":false,"data":null}},"time_used":49,"timings":{"blocked":27,"dns":0,"connect":0,"send":0,"wait":22,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/uploads/2025/09/589.jpg","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.618Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 
GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/uploads/2025/09/589.jpg HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nCookie: _ga_3E31P8KF13=GS2.1.s1763882448$o1$g0$t1763882448$j60$l0$h0; _ga=GA1.1.1454402186.1763882448; dom3ic8zudi28v8lr6fgphwffqoz0j6c=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:48 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 32454\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 30 Nov 2025 07:20:48 GMT\r\netag: \"7ec6-6908fce7-17b3d0;;;\"\r\nlast-modified: Mon, 03 Nov 2025 19:05:11 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 0\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=reaPqYzj8Ucome1rb5t%2Basm1%2BlictyUpLTXjuCoRd7shGZZGnD%2FdAMztCidgYBw%2F0hLvCMeZ9RggZ9TAi941ZNc4b2Vzuj%2BHv6JWRw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee7f7b9e856a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed 
Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":32454,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 640x360, components 
3","md5":"9d3042dd3cdfdeea700629c21f443066","sha1":"78030ffe3ed770b5fb963ba480104a34ce6f2e88","sha256":"c86c8afe554cec3540a381f5d3604db454a58f0d97ab2e0ae51755d69913a96d","sha512":"72eb464c88ffe804027141a58280ef38b37a1bb5a0519c69b095cabea544225c30f50176991b89a33b4981b9104893c2174cfe791b38b14933773648cf1cf356","ssdeep":"768:i4fNHhpy+B46kTWkMbvcZc5Cw0F2Z9j9RBx6d/Qjg4XkFau:i4lHhp1BzkTWkMbEZaW21x4/Q84Xkku","tlshash":"a6e2e134f84791dea31af8b61ef4b8688e9e8036e587e68f50d59101bc8818ad34679d","first_seen":"2025-11-23T07:21:30.106488Z","last_seen":"2025-11-23T07:21:30.106488Z","times_seen":1,"resource_available":false,"data":null}},"time_used":109,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":67,"receive":42,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/uploads/2025/10/1059.jpg","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.661Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 
GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/uploads/2025/10/1059.jpg HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nCookie: _ga_3E31P8KF13=GS2.1.s1763882448$o1$g0$t1763882448$j60$l0$h0; _ga=GA1.1.1454402186.1763882448; dom3ic8zudi28v8lr6fgphwffqoz0j6c=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:48 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 26177\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 30 Nov 2025 07:20:48 GMT\r\netag: \"6641-6908fce6-17a13c;;;\"\r\nlast-modified: Mon, 03 Nov 2025 19:05:10 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VA9g3VmwzUmSsqS2sH4puswp2PJBMja1gTZIgx1ROD8BLq1KHS1czLESq6OoYEN9ahsbsToj0R8MlHH07UVekfxjPA2Xgoo4%2BEs4Eg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee7f7da1a56a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed 
Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":26177,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 640x360, components 
3","md5":"17654cf98b237a40933650b6a0510cc1","sha1":"b481a5d8532a70df289fab6414214a6a3cfb9e98","sha256":"6d3b594d89a84f1f0d55603805f72ac4b3a89b6172ce339c9a6a8dfe4464b4a4","sha512":"ba5e7eac908031bd6c92ac44ba7717aefd91d870718a7f84bc990fc98bc56fe358503d97faefab17f6f13440d3847d303f6ac5807d25edd7c8c71abc0efe1974","ssdeep":"384:8zXVAFRRvefKBF9EdoQ5sa7IID10/1XqoOG9Nc4tQygXbi10yeYi2IGg8VMQW80Z:uOfR2fz8uN0tyG9v91DetogMMQWNfX","tlshash":"5ac2e120bf2f23f1d847e1fcbfe5180ac87e664e58dad16fb7f29a2704180595856245","first_seen":"2025-11-23T07:21:30.108391Z","last_seen":"2025-11-23T07:21:30.108391Z","times_seen":1,"resource_available":false,"data":null}},"time_used":135,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":103,"receive":32,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/watch.276880797680.js?dev=e\u0026key=6b59e6699e45dd3d2d19a55f904013ec\u0026kw=%5B%22official1auraa%22%2C%22archives%22%2C%22-%22%2C%22kedai%22%2C%22bokep%22%5D\u0026pst=1763882508\u0026rb=\u0026refer=https%3A%2F%2Fkedaibokep.com%2Ftag%2Fofficial1auraa%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=4d266fb1016c63eed670b761685e9de57aa317850f0080e74066ad9dd3aa80805b16d20d10110ce5e0ed603960ff00e9d01a95622cc9ef413da18bfb6be03f81f67b4024910637c42e0cb4c5577fa70184d5943af481029d47da8d\u0026tz=0\u0026uuid=ebdc7005-819f-4162-86c5-1bcf9c5d0a4d%3A2%3A1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.913Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /watch.276880797680.js?dev=e\u0026key=6b59e6699e45dd3d2d19a55f904013ec\u0026kw=%5B%22official1auraa%22%2C%22archives%22%2C%22-%22%2C%22kedai%22%2C%22bokep%22%5D\u0026pst=1763882508\u0026rb=\u0026refer=https%3A%2F%2Fkedaibokep.com%2Ftag%2Fofficial1auraa%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=4d266fb1016c63eed670b761685e9de57aa317850f0080e74066ad9dd3aa80805b16d20d10110ce5e0ed603960ff00e9d01a95622cc9ef413da18bfb6be03f81f67b4024910637c42e0cb4c5577fa70184d5943af481029d47da8d\u0026tz=0\u0026uuid=ebdc7005-819f-4162-86c5-1bcf9c5d0a4d%3A2%3A1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://kedaibokep.com\r\nReferer: https://kedaibokep.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.lgpn5CWqMIQOnAcJWQj2BoFLhkbKonZlINzdYlOyigo\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:48 GMT\r\nContent-Type: text/html\r\nContent-Length: 2248\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://kedaibokep.com\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=ebdc7005-819f-4162-86c5-1bcf9c5d0a4d:2:1; expires=Sun, 30 Nov 2025 07:20:48 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Mon, 24 Nov 2025 07:20:48 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Mon, 24 Nov 2025 07:20:48 GMT; path=/; secure; SameSite=None\npdhtkv27=true; expires=Mon, 24 Nov 2025 07:20:48 GMT; path=/; secure; SameSite=None\nuncs27=1; expires=Mon, 24 Nov 2025 07:20:48 GMT; path=/; secure; SameSite=None\nu_pl27881585=1; expires=Mon, 24 Nov 2025 07:20:48 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 18\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 7047c0cf95dbfb669a7480f87213ccf7\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":4653,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with very long lines (3777)","md5":"dcc603f2d9d54c016aed6167559f377b","sha1":"264f07fa6a038199301d6cdfa3d1315e2476860c","sha256":"74b21c7a742040a298a92c5de63a982955b03a2568d37da986781f47f7e85003","sha512":"d700541c7ddce2c47b2c73b3eaacc5d6d53b573aa7db0607daf554252d96dcb49e9d6f06d0d6dcb5414fd6570b39795e7bd1b876425178339c1f54d519f9b7e1","ssdeep":"96:snl0ozvsJlawhh/qmv4RI5ydp+xSqL4efk/lhh/qmv4RI5ydp+xSqL4e91ZDurtv:IlNzIl1nv55yd8Zfk7nv55yd8ZHVurtv","tlshash":"73a13ba92bac90fc746751bf0137ea083ca1d11b6839cd45b5ccd6016b617b1d87eee4","first_seen":"2025-11-23T07:21:30.110165Z","last_seen":"2025-11-23T07:21:30.110165Z","times_seen":1,"resource_available":false,"data":null}},"time_used":119,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":118,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/b6/5b/1c/b65b1cf51705640151362d9bac4923cd/1756662083.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.242Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 
2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/b6/5b/1c/b65b1cf51705640151362d9bac4923cd/1756662083.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 60318\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 31 Aug 2025 17:41:23 GMT\r\netag: \"68b48943-eb9e\"\r\nexpires: Tue, 25 Nov 2025 07:20:49 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":60318,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:30 15:33:45], progressive, precision 8, 320x240, components 
3","md5":"966e6f8ade8598adc3b34c3b44b5a336","sha1":"408489c1dac8b455a5d76d83f79843c029f62344","sha256":"9f492d84c3eee3a470cdd18490f011829b896ddc531efe104df0143dc52db04e","sha512":"364731deca5e406f8d555e952287418dace9acef8d583bdc84ced07fb92da26db076a3946a566d5d82ad797357d7ea0f0aa8e3b009c647ea4d589aa76da3c043","ssdeep":"1536:LDy3bDOsDy3bDOUopIMYiW8UzK8dMhg7gmaZSDw2Y:HhwhUgIBWgEyw2Y","tlshash":"9c43d0a1e392de69f4c0d63e94c2e6d2f3521991a3d3da047c9c3f8277e52a70d5d282","first_seen":"2025-09-02T17:23:30.704726Z","last_seen":"2026-05-24T21:18:31.068638Z","times_seen":1366,"resource_available":false,"data":null}},"time_used":1030,"timings":{"blocked":451,"dns":0,"connect":21,"send":0,"wait":71,"receive":54,"ssl":430},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-creative1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Findex.html\u0026l=1524\u0026fd=192","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.687Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 
GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-creative1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Findex.html\u0026l=1524\u0026fd=192 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzg4MTU4OSwiayI6IjU0N2Q4ZmQzYmY1ZWNhNDU5MTIzZGYyOWQ2MGFlMTIwIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1Mzg4MDk2LCJwaWQiOjI3MjM1MjAsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MjMsInB0Ijo0LCJwayI6IndkcXc0eGlycTMiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6MjY2NTYxMTE1LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTM2OTI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEzNC4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8va2VkYWlib2tlcC5jb20vdGFnL29mZmljaWFsMWF1cmFhLyIsImFyIjpbXX19.lgpn5CWqMIQOnAcJWQj2BoFLhkbKonZlINzdYlOyigo; uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=2; pdhtkv27=true; uncs27=1; u_pl27881585=1; pdhtkv23=true; uncs23=1; u_pl27881589=1; pdhtkv29=true; uncs29=1; u_pl27881590=1; slec89d6f1c80b1e0bbfc99e7ec523be338e=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":268,"timings":{"blocked":173,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/uploads/2025/08/Judul-e1754128710326.png","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.616Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/uploads/2025/08/Judul-e1754128710326.png HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nCookie: _ga_3E31P8KF13=GS2.1.s1763882448$o1$g0$t1763882448$j60$l0$h0; _ga=GA1.1.1454402186.1763882448; dom3ic8zudi28v8lr6fgphwffqoz0j6c=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:48 GMT\r\ncontent-type: 
image/png\r\ncontent-length: 32914\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 30 Nov 2025 07:20:48 GMT\r\netag: \"8092-6908fce7-17b657;;;\"\r\nlast-modified: Mon, 03 Nov 2025 19:05:11 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 0\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xFkxuWecZoX%2BnLSEOPeLmlenRK75wzqZZirYluba46tI74gEl3os4eSldQTe3iFmaYYY%2BtTWWXkbXJW2dr4ptn96xdcyF6aJdZoIjw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee7f7b9e156a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web 
server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":32914,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 600 x 101, 8-bit colormap, non-interlaced","md5":"0afebd674d69e0c56c1070a04fac8b0d","sha1":"af464e665363c6598259926a93b0fdf3d572c183","sha256":"6209e09a8daa14e79c2efb42a6269ea8f589ec0ee734b4ae0992a91385c97e4e","sha512":"aa4712cce5a1fcd0a6f29cefe24407823309f33ef2a70adda05ca43aa17dca08cffa7ea0179ccbca9ac37352d670c5b380e12b527e163cbbc8b3fe32397205a7","ssdeep":"768:tNGEfolBLXgiaoGD5weZqTLoV04VjG+1x7aOW1fKTy:/GG6OiRGDuGqTLoSy1QJ1foy","tlshash":"fae2027d5aa1d81ba974b43f72b4f1d0b5d73f1f3048adda2ba21a086c8170918277ed","first_seen":"2025-11-23T07:21:30.112614Z","last_seen":"2026-01-21T06:24:16.151809Z","times_seen":2,"resource_available":false,"data":null}},"time_used":115,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":69,"receive":46,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ntv.json?key=32dafcbf6d6696c536a5accc26dd0ea3\u0026vstc=4\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\u0026custom=%7B%22d37e3bc4%22%3A%22a%22%7D\u0026rb=","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.887Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ntv.json?key=32dafcbf6d6696c536a5accc26dd0ea3\u0026vstc=4\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\u0026custom=%7B%22d37e3bc4%22%3A%22a%22%7D\u0026rb= HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://kedaibokep.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: application/json\r\nContent-Length: 11337\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: 
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://kedaibokep.com\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; expires=Sun, 30 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\npdhtkv49=true; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\nuncs49=1; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\nu_pl27881591=1; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 17\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 4423743f5ceae9244ba294cd6c9d6776\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs 
browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16196,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"3c85eec05096c240c29b01113bf08ddc","sha1":"55caac9c556b6ec034b2301c7eb13f86a2d3fe1b","sha256":"8d240517d6bf8fa1e348937af75f506b5ab839ededaf8e0209649867ae478ca8","sha512":"1c82c511650baeaa839f6fcfb9a7382f9734e4150987c8f20b2f1bdfd5e51817f5a52d865a8e48d4002aeb04d3c227dfb5968a7b72a0cf2da967d5bca76f4977","ssdeep":"384:NvqVW13jGmkgKZxwmuo1JPR4ivnUVxrQTY2:NgWVjExfJJ4ifSx+","tlshash":"4572bff5921c746f1d45fff8b46e25886c9150b36ec4ff86c21e2ba92c34146b17b242","first_seen":"2025-11-23T07:21:30.114152Z","last_seen":"2025-11-23T07:21:30.114152Z","times_seen":1,"resource_available":false,"data":null}},"time_used":836,"timings":{"blocked":353,"dns":82,"connect":94,"send":0,"wait":114,"receive":0,"ssl":188},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RSv48VVRi9s75YQOEPjLYTYwGJ-5hfb_aNFOqKKBGBLBgKQ3Hn3jvL9c2bO947P5atUBJCLMyaWKiNs-ctrCAhWlhCyFsaQ6JhCuMWbOMfYIyJtZndl6x-xfm-b84U55z7XVsvd4iPkm6ffV-tyjSlRwd9xz58QWZc1cY-fd52nb5zzL4gszA4Zq90oKvXXD_oO0fsdwQbqaOe4zqO67j2CalFolaO7rKQ-Z3I7UdOP_D67iDAiv7_bkoLhlrg1Q55HpK3z_yRfAjJpsjGPxwXZlSo_NW3x2VKC6VR8c0PslGm6gzj_THRFpJsc_Y3lGkJ-WoOKtucOYCqNjoHiGVL5l58gjjbnMlEXN3YUxqnEBlifhB1NYVIp5B0CqauQvLHBGAcp88gG988rXRNL--xtGNb0vvnb8i6Jb0nLyAb311M5Yp9TqVlIVVmsJI0kCtTyOUp8nILxaoFWW-BFZ9C8l-I89JBZOPb76pKjuxK6BEk337F8x3uDpxkPgoiZz6gPp2PBR3OD91EeG7kR97Q2w1KJlNQM4fSWCilhTKxUOYWxnzbDpxhwFzqh0nE2YIT0CDgInaioec4NGILKFnnYA1FvgaWroHpK8j1J99xf0H4MQvWKUbyi5aQaz50-QDmUgPDLZiCoOINakFQG4KaEtSSoC4I6qq5wVPjmeYmT00Zu7PuzbrfTFSxvE5vqGJZZARUr0HzZkPmH5urYMVTk9XE8InqgMZFM6Exb9bzHfJcF7Z1K68xEtu273GasDgJeRhGIRv4IR1QxpgXcu4I6sPIBtLMgRoLq7IlSwtvIJctOfL5A8R0CybdApPPgpYuaN2AXmqwmt0dCU5lrEYi7zM1BlcN8qKH4rK1nu6QQ5Ol84sPdl_94m-_QrBHZFZgukGuG3wkHxIsp9cnS6omG0uqNuTHM3khx3KVdhdxrqCFePr2e-JyrTQ_edys3XqTdUQ33jkvTHGKZlxmy4Z8vyg5F_qE0kyQeyfNBRGfLc2lxVJnZX7q7FsnTo5zLYyRKpuCypYc-OszMNmSQ_e_3b32weE_wfIrMPm-TqMI4ryHVBKkYv87jRuY_-zx_rxurmNZ90CLq8jGDSrdoEob0HQNpjwwKXL96PWfv-7qG8RpbxKnurcRpzr9siUXf3_Ywb0O7u_FZuS2PfBiPxwOQ5GEPPG57_k8GjgiCmgUBlEwQGFa-fJPj_8NAAD__1jaT6SfBAAA","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.534Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSv48VVRi9s75YQOEPjLYTYwGJ-5hfb_aNFOqKKBGBLBgKQ3Hn3jvL9c2bO947P5atUBJCLMyaWKiNs-ctrCAhWlhCyFsaQ6JhCuMWbOMfYIyJtZndl6x-xfm-b84U55z7XVsvd4iPkm6ffV-tyjSlRwd9xz58QWZc1cY-fd52nb5zzL4gszA4Zq90oKvXXD_oO0fsdwQbqaOe4zqO67j2CalFolaO7rKQ-Z3I7UdOP_D67iDAiv7_bkoLhlrg1Q55HpK3z_yRfAjJpsjGPxwXZlSo_NW3x2VKC6VR8c0PslGm6gzj_THRFpJsc_Y3lGkJ-WoOKtucOYCqNjoHiGVL5l58gjjbnMlEXN3YUxqnEBlifhB1NYVIp5B0CqauQvLHBGAcp88gG988rXRNL--xtGNb0vvnb8i6Jb0nLyAb311M5Yp9TqVlIVVmsJI0kCtTyOUp8nILxaoFWW-BFZ9C8l-I89JBZOPb76pKjuxK6BEk337F8x3uDpxkPgoiZz6gPp2PBR3OD91EeG7kR97Q2w1KJlNQM4fSWCilhTKxUOYWxnzbDpxhwFzqh0nE2YIT0CDgInaioec4NGILKFnnYA1FvgaWroHpK8j1J99xf0H4MQvWKUbyi5aQaz50-QDmUgPDLZiCoOINakFQG4KaEtSSoC4I6qq5wVPjmeYmT00Zu7PuzbrfTFSxvE5vqGJZZARUr0HzZkPmH5urYMVTk9XE8InqgMZFM6Exb9bzHfJcF7Z1K68xEtu273GasDgJeRhGIRv4IR1QxpgXcu4I6sPIBtLMgRoLq7IlSwtvIJctOfL5A8R0CybdApPPgpYuaN2AXmqwmt0dCU5lrEYi7zM1BlcN8qKH4rK1nu6QQ5Ol84sPdl_94m-_QrBHZFZgukGuG3wkHxIsp9cnS6omG0uqNuTHM3khx3KVdhdxrqCFePr2e-JyrTQ_edys3XqTdUQ33jkvTHGKZlxmy4Z8vyg5F_qE0kyQeyfNBRGfLc2lxVJnZX7q7FsnTo5zLYyRKpuCypYc-OszMNmSQ_e_3b32weE_wfIrMPm-TqMI4ryHVBKkYv87jRuY_-zx_rxurmNZ90CLq8jGDSrdoEob0HQNpjwwKXL96PWfv-7qG8RpbxKnurc
Rpzr9siUXf3_Ywb0O7u_FZuS2PfBiPxwOQ5GEPPG57_k8GjgiCmgUBlEwQGFa-fJPj_8NAAD__1jaT6SfBAAA HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: close\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 8aae982ee5294349eccdc3c5115808ff\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web 
servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":453,"timings":{"blocked":356,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 
Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/css/style.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.694Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/css/style.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://kedaibokep.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:50 GMT\r\ncontent-type: text/css\r\nserver: 
cloudflare\r\nlast-modified: Thu, 04 Sep 2025 13:25:46 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"68b9935a-18f3\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8dMPzDUMfdO0TLclcpXlK5N9venBmJFzNDB20Q1ZxhRNmIywCHWrbHL4%2Bycp%2FQ0gf%2Bc42ApSrAAcFGKnVk9HPTMfBe46cWY2ookICVSn\"}]}\r\ncf-ray: 9a2ee7fef9175691-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6387,"size_decoded":0,"mime_type":"text/css","magic":"ASCII 
text","md5":"20b72d2b5d691275f5e1f201c54208eb","sha1":"a8082db410892a8b50274eeb812fe58c04e5e407","sha256":"476950bbfeccfbd5ad93c5ad69d5192e62e9eb9e3e03dfc2447c98c7bb5634e6","sha512":"5702a11b753960144f8debcbbff5ad272f00543b6b8bd71a440fb28945bf4d81bd75cc1a08fa531e10efe8aa8dbcb6305dc882e12b8854ccb6f88b62dbeb934d","ssdeep":"96:1zlzMUmWCfICX6zXXgCfUKOtAYiY5mnM0pfiUpznL4OHBCHL+OCBhEkuCo1cCJ0v:LMZnincKOyXnMsIM0M9X4U4H4vFEa","tlshash":"ebd130a617650204740bd8563d126f17a3688053ef0fd9b86ed2244cceca6ce56f378f","first_seen":"2025-09-21T13:47:45.281723Z","last_seen":"2026-06-02T13:53:14.560436Z","times_seen":1695,"resource_available":false,"data":null}},"time_used":604,"timings":{"blocked":62,"dns":33,"connect":2,"send":0,"wait":478,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/img/banner.png","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.800Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/img/banner.png HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:49 GMT\r\ncontent-type: image/png\r\ncontent-length: 31747\r\nserver: cloudflare\r\nlast-modified: Thu, 12 Dec 2024 14:36:22 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"675af4e6-7c03\"\r\nexpires: Thu, 31 Dec 2037 
23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 4345540\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nM4OdXVSLP1QvOm6Zhb3nBYcpp94rE2PfTib2wwisrv6FFV7%2Bgok8wpbRE9KHUNppvGMWOd%2B4zQ4ktomA6ms%2Fk%2F7De%2FxQ6%2FP6G7grnh1\"}]}\r\ncf-ray: 9a2ee7ff39375691-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31747,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 600 x 400, 8-bit/color RGBA, 
non-interlaced","md5":"8b80e5aaebd2987d46dd0382da97fdc1","sha1":"bccdfd974f19600eac67f10c43a8d3cd92188aff","sha256":"41f23c36cc8dedef9d191f90f7f85c4aebba6012af7794fdfdf30331df5afe05","sha512":"dbc5a79c4e6b8cc0c1a2a20e857a399e84ff155ce6f68a6de65af23c20d57d7075bf93ba40748fa39942ce84001da19cf5dbd22ab2ab5b4bc3df63d220741e88","ssdeep":"768:oUUUUU2mxm90tQeKC4/cDQ+dexqKogEmXoYIQSR/Fiwecp8wwwwwwwwU:oUUUUU2J+s/cDx73jlp/E7+h","tlshash":"b2e2ae13c4d932371c5a9ded9b6b2b847aa225e320401f7bcf1e1078248b4b5fd27d9a","first_seen":"2025-07-04T18:28:09.276271Z","last_seen":"2026-06-06T14:28:51.935393Z","times_seen":3223,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/uploads/2025/11/1360.jpg","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.646Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/1360.jpg HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nCookie: _ga_3E31P8KF13=GS2.1.s1763882448$o1$g0$t1763882448$j60$l0$h0; _ga=GA1.1.1454402186.1763882448; dom3ic8zudi28v8lr6fgphwffqoz0j6c=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:48 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 
26299\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 30 Nov 2025 07:20:48 GMT\r\netag: \"66bb-6920f794-3db9;;;\"\r\nlast-modified: Fri, 21 Nov 2025 23:36:52 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 0\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ebrjkIHdCEknJ%2FaIHI50%2FheyDDk6H2QnXyvIruafK5X%2FEQmRTrTLlfsih96w9%2FrCqhuerN%2FcV%2BWYpi06p8aGcCIYLKY%2F8dQ4PxInew%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee7f7ca0956a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for 
WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":26299,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 640x360, components 3","md5":"beb6791845f058d17cfbb4c5c7587f16","sha1":"dd61c623c111d20175b419af0d70cbc714b28936","sha256":"214577fa669897882d0e6075ba8fb5175f7e74fb8287ca83ec13048365f3ece5","sha512":"ab04507f10cc90a6625a0551fe22ee864f331d8e12711ac12ccc34f1ddc480fd6cae965354bacf21336afc34bffb881cdb15bf79dca51712044839b0ec9254be","ssdeep":"768:hzpQcy6yQB9MG5NGR33E9MdJGUBUae5SjHC2k4m:hzp5y6eIc+MdJGaLm","tlshash":"d3c2d0087d1117336563e7788bde21cfba7b5aa58c511e3e98f1cd664c804a4ebbd08c","first_seen":"2025-11-23T07:21:30.117899Z","last_seen":"2025-11-23T07:21:30.117899Z","times_seen":1,"resource_available":false,"data":null}},"time_used":49,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":33,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RSvY8cxRfsud_pF9gBH0aQjhABRtx6vnZuBwfAYQwWxrbORg4QQU93z7nZ2emhez7WGxksWRYBWiQCIGG29uzDxrIgIMQceyTIEpI34gKfhPgLEBIxmvNKBy-o997UBFXV79qk3CM-Srp77m01kmlKj3U7jv38RZlxVRv7zAXbdTrOcfuizMLguD1sQVcvuX7QcY7abwjWV8c8x3Uc13Htk1KLRA2P7bOQ-Z3I7UROJ_A6bjfAUP93N6UFQy3wao88Ccnnj_2RvAvJZsgG354Qpl-o_MXXB2VKC6VR8a13sn6m6gyDgzHRFpJsa_E3lJkT8vkSVLa1cABVbbYOEMs5WXr6IeJsayETcXXjkdI4hcgQ88OoqxlEOoOkMzB1FZI_IADjOHMW2eDmGaVrevkRS1t2Tpb__guynpPlh08hG9xdS-XQPq_SspAqMxgmDeRwBrkxQ17uoBhZkPUOWPERJP-VOM8cRja4_aaqZN-uhO5D8t3nPN_hbtdJVqIgclYC6tOVWNDeSs9NhOdGfuT1vP2gZDIDNUsojYVSWigTC2VuYcB37cDpBcylfphEnK06AQ0CLmIn6nmOQyO2ipK1DsYo8jFYOgbTV5DrD7_m_qrwYxZMKPry0zkh13zochvmUgPDLZiCoOINakFQG4KaEtSSoC4I6qq5wVPjmeYmT00Zu4vuLbrfTFWxMaE3VLEhMgKqx9C82ZT5B-YqWPG_6SgxfKpaoHHRTGnMm0m-R55ow7Zu5TX6Ytf2PU4TFichD8MoZF0_pF3KGPNCzh1BfRjZQJolUGNhJOdkffUV5HJOjn6yjZjuwKQ7YPJx0NIFrRvQSw1G2d2-4FTGqi_yDlMDcNUgL5ZRXLYm6R45Ml2_sLa9_-rv_fYTBLtPFgWmG-S6wfvyZ4KN9Pp0XdVkc13Vhnx3Ni_kQI5oexHnC1qI_99-S1yuleanTpjxrVdZS7TjnQvCFKdpxmW2Ycg3a5JzoU8qzQT54ZS5KOJzpbm0VuqszE-fe-3kqUGuhTFSZTNQOSeH_vwYTM7JkXtf7V9794XfwfIrMPmBTqMI4txCKglScfCdxg3Mv_b4YJ6Y69jQy6DFVWSDBpVuUKUNaDqGKQ9Ni1zff_mXL9r6EnG6PI1TvbwZpzr9bD-nFu61sNPCjzBy1-56sR_2eqFIQp743Pd8HnUdEQU0CoMo6KIwc_ns9w_-CQAA___EUDnUnwQAAA==","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.280Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSvY8cxRfsud_pF9gBH0aQjhABRtx6vnZuBwfAYQwWxrbORg4QQU93z7nZ2emhez7WGxksWRYBWiQCIGG29uzDxrIgIMQceyTIEpI34gKfhPgLEBIxmvNKBy-o997UBFXV79qk3CM-Srp77m01kmlKj3U7jv38RZlxVRv7zAXbdTrOcfuizMLguD1sQVcvuX7QcY7abwjWV8c8x3Uc13Htk1KLRA2P7bOQ-Z3I7UROJ_A6bjfAUP93N6UFQy3wao88Ccnnj_2RvAvJZsgG354Qpl-o_MXXB2VKC6VR8a13sn6m6gyDgzHRFpJsa_E3lJkT8vkSVLa1cABVbbYOEMs5WXr6IeJsayETcXXjkdI4hcgQ88OoqxlEOoOkMzB1FZI_IADjOHMW2eDmGaVrevkRS1t2Tpb__guynpPlh08hG9xdS-XQPq_SspAqMxgmDeRwBrkxQ17uoBhZkPUOWPERJP-VOM8cRja4_aaqZN-uhO5D8t3nPN_hbtdJVqIgclYC6tOVWNDeSs9NhOdGfuT1vP2gZDIDNUsojYVSWigTC2VuYcB37cDpBcylfphEnK06AQ0CLmIn6nmOQyO2ipK1DsYo8jFYOgbTV5DrD7_m_qrwYxZMKPry0zkh13zochvmUgPDLZiCoOINakFQG4KaEtSSoC4I6qq5wVPjmeYmT00Zu4vuLbrfTFWxMaE3VLEhMgKqx9C82ZT5B-YqWPG_6SgxfKpaoHHRTGnMm0m-R55ow7Zu5TX6Ytf2PU4TFichD8MoZF0_pF3KGPNCzh1BfRjZQJolUGNhJOdkffUV5HJOjn6yjZjuwKQ7YPJx0NIFrRvQSw1G2d2-4FTGqi_yDlMDcNUgL5ZRXLYm6R45Ml2_sLa9_-rv_fYTBLtPFgWmG-S6wfvyZ4KN9Pp0XdVkc13Vhnx3Ni_kQI5oexHnC1qI_99-S1yuleanTpjxrVdZS7TjnQvCFKdpxmW2Ycg3a5JzoU8qzQT54ZS5KOJzpbm0VuqszE-fe-3kqUGuhTFSZTNQOSeH_vwYTM7JkXtf7V9794XfwfIrMPmBTqMI4txCKglScfCdxg3Mv_b4YJ6Y69jQy6DFVWSDBpVuUKUNaDqGKQ9Ni1zff_mXL9r6EnG6PI1Tvbw
Zpzr9bD-nFu61sNPCjzBy1-56sR_2eqFIQp743Pd8HnUdEQU0CoMo6KIwc_ns9w_-CQAA___EUDnUnwQAAA== HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: e69894e0e998863d62a764d50891ad5b\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":181,"timings":{"blocked":78,"dns":0,"connect":0,"send":0,"wait":103,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RSvW8c1Rd949_qVyQFH0HQjhAFQXgzXzveIQVgQiAiJJETlAKlePPeG-exs_OG9-bDcRWIFEUUyEgUQMPsWScmIYqgoEECRes0KBIoUyBcxAX8BQiJGo2zkuEW9547Z4pzzrtXJ-Uu8VHSnTNvq3WZpvTIoO_Yz5-XGVe1sU-ds12n7xy1z8ssDI7aa13T1UuuH_Sdw_Ybgo3UEc9xHcd1XPu41CJRa0f2WMj8duT2I6cfeH13EGBN_3c3pQVDLfBqlzwJydvH_kjehWQzZONvjgkzKlT-4uvjMqWF0qj41jvZKFN1hvE-TLSFJNua_w1lWkI-W4DKtuYOoKrNzgFi2ZKFpx8izrbmMhFX1x8pjVOIDDE_iLqaQaQzSDoDU1cg-QMCMI5Tp5GNb5xSuqaXHrG0Y1vS-_svyLolvYdPIRvfWU7lmn1WpWUhVWawljSQazPI1RnychvFugVZb4MVH0Lyn4nzzEFk41tvqkqO7EroESTfec7zHe4OnGQxCiJnMaA-XYwFHS4O3UR4buRH3tDbC0omM1CzgNJYKKWFMrFQ5hbGfMcOnGHAXOqHScTZkhPQIOAidqKh5zg0YksoWedgA0W-AZZugOnLyPUHX3F_SfgxCyYUI_lJS8hVH7q8C3OxgeEWTEFQ8Qa1IKgNQU0JaklQFwR11VznqfFMc4Onpozd-fTm02-mqlid0OuqWBUZAdUb0LzZlPn75gpY8b_pemL4VHWNxkUzpTFvJvkueaIL27qZ1xiJHdv3OE1YnIQ8DKOQDfyQDihjzAs5dwT1YWQDaRZAjYV12ZKVpVeQy5Yc_vguYroNk26DycdBSxe0bkAvNljP7owEpzJWI5H3mRqDqwZ50UNxyZqku-TQdOXc8t29V7_w2wyC3SfzAtMNct3gPXmPYDW9Nl1RNdlcUbUh357OCzmW67S7iLMFLcT_b70lLtVK8xPHzMbNV1lHdPD2OWGKkzTjMls15OtlybnQx5VmgvxwwpwX8ZnSXFwudVbmJ8-8dvzEONfCGKmyGahsyYE_PwKTLTn045d71z544Xew_DJMvq_TKII47yGVBKnY_07jBuZfe7yPJ-YaVnUPtLiCbNyg0g2qtAFNN2DKA9Mi1_df_unzrr5AnPamcap7m3Gq00-7nO615MKvv3To-0exGbljD7zYD4fDUCQhT3zuez6PBo6IAhqFQRQMUJhWPvvdg38CAAD__53SYJafBAAA","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.510Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSvW8c1Rd949_qVyQFH0HQjhAFQXgzXzveIQVgQiAiJJETlAKlePPeG-exs_OG9-bDcRWIFEUUyEgUQMPsWScmIYqgoEECRes0KBIoUyBcxAX8BQiJGo2zkuEW9547Z4pzzrtXJ-Uu8VHSnTNvq3WZpvTIoO_Yz5-XGVe1sU-ds12n7xy1z8ssDI7aa13T1UuuH_Sdw_Ybgo3UEc9xHcd1XPu41CJRa0f2WMj8duT2I6cfeH13EGBN_3c3pQVDLfBqlzwJydvH_kjehWQzZONvjgkzKlT-4uvjMqWF0qj41jvZKFN1hvE-TLSFJNua_w1lWkI-W4DKtuYOoKrNzgFi2ZKFpx8izrbmMhFX1x8pjVOIDDE_iLqaQaQzSDoDU1cg-QMCMI5Tp5GNb5xSuqaXHrG0Y1vS-_svyLolvYdPIRvfWU7lmn1WpWUhVWawljSQazPI1RnychvFugVZb4MVH0Lyn4nzzEFk41tvqkqO7EroESTfec7zHe4OnGQxCiJnMaA-XYwFHS4O3UR4buRH3tDbC0omM1CzgNJYKKWFMrFQ5hbGfMcOnGHAXOqHScTZkhPQIOAidqKh5zg0YksoWedgA0W-AZZugOnLyPUHX3F_SfgxCyYUI_lJS8hVH7q8C3OxgeEWTEFQ8Qa1IKgNQU0JaklQFwR11VznqfFMc4Onpozd-fTm02-mqlid0OuqWBUZAdUb0LzZlPn75gpY8b_pemL4VHWNxkUzpTFvJvkueaIL27qZ1xiJHdv3OE1YnIQ8DKOQDfyQDihjzAs5dwT1YWQDaRZAjYV12ZKVpVeQy5Yc_vguYroNk26DycdBSxe0bkAvNljP7owEpzJWI5H3mRqDqwZ50UNxyZqku-TQdOXc8t29V7_w2wyC3SfzAtMNct3gPXmPYDW9Nl1RNdlcUbUh357OCzmW67S7iLMFLcT_b70lLtVK8xPHzMbNV1lHdPD2OWGKkzTjMls15OtlybnQx5VmgvxwwpwX8ZnSXFwudVbmJ8-8dvzEONfCGKmyGahsyYE_PwKTLTn045d71z544Xew_DJMvq_TKII47yGVBKnY_07jBuZfe7yPJ-YaVnUPtLiCbNyg0g2qtAFNN2DKA9Mi1_df_unzrr5AnPamcap
7m3Gq00-7nO615MKvv3To-0exGbljD7zYD4fDUCQhT3zuez6PBo6IAhqFQRQMUJhWPvvdg38CAAD__53SYJafBAAA HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 711d9e1a076233ea302afcb43b1070f2\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native 
applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":347,"timings":{"blocked":245,"dns":0,"connect":0,"send":0,"wait":102,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/97/fc/e4/97fce4537c0f81f954d679ccebe0c47c.js","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.216Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /97/fc/e4/97fce4537c0f81f954d679ccebe0c47c.js HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: 
*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:48 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3422\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 603d4243721963a92af8907b95d42660\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) 
informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6461,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6461), with no line terminators","md5":"26ce7791f08fb671816e8ac15c21abcc","sha1":"cd121446322214f9ee849fadd1686452f9acf3a9","sha256":"e039e804b7483aec11801d7a306db1603f9c6d5f562340f9a5dbeda753c0224d","sha512":"01af678dd36e5bcfaf95c43fee3d7ac605299c1aca9187b5b330dffac03c16910e373e8ccb57e00c66810daff06b475d561370c05abe8a3beb00f5f9f950c409","ssdeep":"96:PKheeIZELV3rtYwDxXvH9VLgjY6oB/rCKTQ3l35AcOrzYdOtkiz9u5Z4tTpfn7:Pbj6VbjxXvw8zTCKTvlSQpfn7","tlshash":"b9d185883e81f0d513a3b5779a3f6549b3ad6814549fd804e107a0d03e2ce2ae97b6a5","first_seen":"2025-10-22T08:34:06.793976Z","last_seen":"2025-12-01T10:40:04.095127Z","times_seen":3160,"resource_available":true,"data":null}},"time_used":663,"timings":{"blocked":282,"dns":2,"connect":95,"send":0,"wait":98,"receive":0,"ssl":184},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.600Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 23:40:35 GMT","end":"Tue, 27 Jan 2026 23:40:34 GMT"},"fingerprint":{"sha1":"AA:22:33:AC:0A:FC:0D:31:C5:9F:92:99:20:7A:02:E4:46:E3:08:8C","sha256":"72:5A:79:00:74:D1:90:EF:9A:D3:3F:01:E6:E5:14:1D:41:4F:F2:28:D3:FD:4C:AA:70:DE:D8:BE:C2:15:3F:EE"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: 
en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:48 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32181\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 3e3397b905cebb3684717d92c49cc5e3\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":85379,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line 
terminators","md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-06-10T02:25:10.749544Z","times_seen":18512,"resource_available":true,"data":null}},"time_used":230,"timings":{"blocked":82,"dns":28,"connect":19,"send":0,"wait":26,"receive":18,"ssl":50},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/sbar.json?key=89d6f1c80b1e0bbfc99e7ec523be338e\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.036Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /sbar.json?key=89d6f1c80b1e0bbfc99e7ec523be338e\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: 
en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://kedaibokep.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.lgpn5CWqMIQOnAcJWQj2BoFLhkbKonZlINzdYlOyigo; uid_id2=ebdc7005-819f-4162-86c5-1bcf9c5d0a4d:2:1; pdhtkv=true; uncs=1; pdhtkv27=true; uncs27=1; u_pl27881585=1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 4715\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://kedaibokep.com\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; expires=Sun, 30 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\nuncs=2; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\npdhtkv29=true; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\nuncs29=1; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\nu_pl27881590=1; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\nslec89d6f1c80b1e0bbfc99e7ec523be338e=[6308898]; expires=Sun, 23 Nov 2025 07:20:54 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 217\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 
GMT\r\nX-Request-ID: ad1212865116ea79032a9b006be148ee\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6070,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JSON text 
data","md5":"165cd9489771ca869e6499fd254eb92f","sha1":"93e56ff63d5921528eba5b4c5e5fb3aa29d2189c","sha256":"fa47f851399f872ab9bc87fee00ae9b24fc4c44231beb72e2de5889437faaf65","sha512":"e284ea6f6ee6c87e4ab8021af6ac75976daed72f9284acda0011c54514ca8cc0f520c882803fbd49f55b26e778603087a4acc1f070e9ea07edce9aee76f1507d","ssdeep":"96:9uaTAaWuQC9yiVoE6T0YRXZYDV9FznN7aBGzeKX7xwGzFHiDinYh0t+7x:9eaGCMiejgYoR9FznUc6Krxwi58iYhrl","tlshash":"5cc15bad532d112aabc2158e7db07df98fb0dfc79630eb99948f512c231c0e1192e326","first_seen":"2025-11-23T07:21:30.120322Z","last_seen":"2025-11-23T07:21:30.120322Z","times_seen":1,"resource_available":false,"data":null}},"time_used":310,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":310,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RSv28cRRidNRZFUvAjCNoVoiAIX_bXrW9JAZgQiAhJ5ASlQBSzM7POcHs7y8z-uFwViBRFFOiQKICGvXdOTEIUQUFJsM5pUCSkXIWLuOEvQEjUaJ2TDF_xvu_bt8V7b75rk3KP-Cjp7rn31UimKT3W7Tj2yxdlxlVt7DMXbNfpOMftizILg-P2sAVdveb6Qcc5ar8jWF8d8xzXcVzHtU9KLRI1PLbPQuZ3IrcTOZ3A67jdAEP9_92UFgy1wKs98iwknz_1Z_IhJJshG_x4Qph-ofJX3x6UKS2URsW3Psj6maozDA7GRFtIsq3F31BmTsjXS1DZ1sIBVLXZOkAs52Tp-UeIs62FTMTVjcdK4xQiQ8wPo65mEOkMks7A1FVI_pAAjOPMWWSDm2eUrunlxyxt2TlZ_udvyHpOlh89h2xwdy2VQ_u8SstCqsxgmDSQwxnkxgx5uYNiZEHWO2DFZ5D8d-K8cBjZ4Pa7qpJ9uxK6D8l3X_J8h7tdJ1mJgshZCahPV2JBeys9NxGeG_mR1_P2g5LJDNQsoTQWSmmhTCyUuYUB37UDpxcwl_phEnG26gQ0CLiInajnOQ6N2CpK1joYo8jHYOkYTF9Brj_9nvurwo9ZMKHoyy_nhFzzocttmEsNDLdgCoKKN6gFQW0IakpQS4K6IKir5gZPjWeamzw1ZewuurfofjNVxcaE3lDFhsgIqB5D82ZT5p-Yq2DFE9NRYvhUtUDjopnSmDeTfI8804Zt3cpr9MWu7XucJixOQh6GUci6fki7lDHmhZw7gvowsoE0S6DGwkjOyfrqG8jlnBz9Yhsx3YFJd8Dk06ClC1o3oJcajLK7fcGpjFVf5B2mBuCqQV4so7hsTdI9cmS6fmFte__VP_rjHgR7QBYFphvkusHH8j7BRnp9uq5qsrmuakN-OpsXciBHtL2I8wUtxJO33xOXa6X5qRNmfOtN1hLteOeCMMVpmnGZbRjyw5rkXOiTSjNBfjllLor4XGkurZU6K_PT5946eWqQa2GMVNkMVM7Job8-B5NzcuTed_vX3n1lDyy_ApMf6DSKIM6XkEqCVBx8p3ED8589Ppgn5jo29DJocRXZoEGlG1RpA5qOYcpD0yLXD17_7Zu2vkWcLk_jVC9vxqlOv2pz-nU_rBbutzCDkbt214v9sNcLRRLyxOe-5_Oo64gooFEYREEXhZnLF39--G8AAAD__01bzuefBAAA","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.524Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSv28cRRidNRZFUvAjCNoVoiAIX_bXrW9JAZgQiAhJ5ASlQBSzM7POcHs7y8z-uFwViBRFFOiQKICGvXdOTEIUQUFJsM5pUCSkXIWLuOEvQEjUaJ2TDF_xvu_bt8V7b75rk3KP-Cjp7rn31UimKT3W7Tj2yxdlxlVt7DMXbNfpOMftizILg-P2sAVdveb6Qcc5ar8jWF8d8xzXcVzHtU9KLRI1PLbPQuZ3IrcTOZ3A67jdAEP9_92UFgy1wKs98iwknz_1Z_IhJJshG_x4Qph-ofJX3x6UKS2URsW3Psj6maozDA7GRFtIsq3F31BmTsjXS1DZ1sIBVLXZOkAs52Tp-UeIs62FTMTVjcdK4xQiQ8wPo65mEOkMks7A1FVI_pAAjOPMWWSDm2eUrunlxyxt2TlZ_udvyHpOlh89h2xwdy2VQ_u8SstCqsxgmDSQwxnkxgx5uYNiZEHWO2DFZ5D8d-K8cBjZ4Pa7qpJ9uxK6D8l3X_J8h7tdJ1mJgshZCahPV2JBeys9NxGeG_mR1_P2g5LJDNQsoTQWSmmhTCyUuYUB37UDpxcwl_phEnG26gQ0CLiInajnOQ6N2CpK1joYo8jHYOkYTF9Brj_9nvurwo9ZMKHoyy_nhFzzocttmEsNDLdgCoKKN6gFQW0IakpQS4K6IKir5gZPjWeamzw1ZewuurfofjNVxcaE3lDFhsgIqB5D82ZT5p-Yq2DFE9NRYvhUtUDjopnSmDeTfI8804Zt3cpr9MWu7XucJixOQh6GUci6fki7lDHmhZw7gvowsoE0S6DGwkjOyfrqG8jlnBz9Yhsx3YFJd8Dk06ClC1o3oJcajLK7fcGpjFVf5B2mBuCqQV4so7hsTdI9cmS6fmFte__VP_rjHgR7QBYFphvkusHH8j7BRnp9uq5qsrmuakN-OpsXciBHtL2I8wUtxJO33xOXa6X5qRNmfOtN1hLteOeCMMVpmnGZbRjyw5rkXOiTSjNBfjllLor4XGkurZU6K_PT5946eWqQa2GMVNkMVM7Job8-B5NzcuTed_vX3n1lDyy_ApMf6DSKIM6XkEqCVBx8p3ED8589Ppgn5jo29DJocRXZoEGlG1RpA5qOYcpD0yLXD17_7Zu2vkWcLk_jVC9vxql
Ov2pz-nU_rBbutzCDkbt214v9sNcLRRLyxOe-5_Oo64gooFEYREEXhZnLF39--G8AAAD__01bzuefBAAA HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 4\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 87d0862ceee1b93032128d82d219b348\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse 
proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":365,"timings":{"blocked":267,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 
Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/3e/cb/86/3ecb8661368ec67627b66e61e9b95348/1716370706.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.569Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/3e/cb/86/3ecb8661368ec67627b66e61e9b95348/1716370706.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:49 
GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 55427\r\nserver: nginx/1.21.6\r\nlast-modified: Wed, 22 May 2024 09:38:35 GMT\r\netag: \"664dbd1b-d883\"\r\nexpires: Tue, 25 Nov 2025 07:20:49 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":55427,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 728x90, components 3","md5":"b06bb7ae2540d189906c43e34d263ced","sha1":"387199d671058112bbc858e8830675a08160553d","sha256":"5badfd4a6deeb45d2867ddf90e145131b1edde007ced7347f6a3c737ea2bb391","sha512":"3e35fdff1f2575509462dd548140cdcfdb1eaf9607b12c9c5893e1ef2b94052d194e30a300a7cf58df70c2d42ca98cb4de56229533c876b8813e2aaf1108cfb9","ssdeep":"1536:XkGNq03nN+cF0SgAO1ehMlEiE4yV3j34OerA4trw:0T03BWb1ehexP0z34BA4Jw","tlshash":"6743f1d0aed3ba6be776a143451f485f8938e89482fe81875502c100e4aff5a3f59e8c","first_seen":"2024-06-22T22:57:48Z","last_seen":"2026-05-19T00:50:42.697656Z","times_seen":124,"resource_available":false,"data":null}},"time_used":246,"timings":{"blocked":105,"dns":0,"connect":0,"send":0,"wait":89,"receive":52,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/impr.gif?sid=H4sIAAAAAAAC_1RTPYhdRRueswlfE_j8JbYXsTDi3sycmfNnCnWN0WD-3ERSWM3vZrznnjmeOT-brYKBEBRkwcby7Hs3WRJD0EI7Idy1MhDMtdoi2wgWtoKFldzNwupbvO_zzjPF8wzP3NhodhGFhu9cOOvWbJ7z49EQD169bAvlOj84d2lA8BCfGFy2RcxODFbnrWrfIJQN8bHBe1qO3PEQE4wJJoNTttLGrR7fY8GW9zIyzPCQhUMSMVit_rv7JgDPA1DtLnoerJo985v5GKycQjH-9qT2o9qVr787bnJeuwpatfVRMSp
cV8D4AJoqAFNs7d8G52cIfb0ArtjadwCu3Zw7AGFnaOHoExDF1r5MEO2tp0pFDroAoY5A105B59tg-RSkuw5WPUYAUsG581CMb59zVcevPmX5nJ2hw3_9CbabocNPXoRifH8pt6uDiy5vausKD6umB7s6BbsyhbLZhnotANttg6w_A6seIfzSESjGd993rR0NWl2NwKqdV0KKFYmwWcxYhhcZp3xRaJ4upsTokGQ0C9Nw76GsmQL3C9D4ABobQGMCaMoAxmpnwHDKJOE0NpmSCWacMaUFztIQY57JBBo5d7AOdbkOMl8HWV2DsroGI_vVDKG_P5wh9OiPGUI3KFTNA_BXdn4wOgsTwzKGtcoUp6GUOOJEy1TFqaJpYiIsOU9SGVISZYQyghOpwlCIxChsUsWkEVKkkitNUkZNKEPBaJxgwXAS0kiYWKSYMZWQJAlFRqJYZ2mUcUqo0EbzRGQyShkmTGsRUUZJJoRhjGWRUYRlmskwYSQ0CdMpiZmRCrwKwNcIWtVDpxF0HkHHEXQWQVcj6Nr-lsp96PvbKveNIPsz3J-0n7h6ZYPfcvWKLhDwah0q1W_a8lN_HWR9aLJmvJq4eeOi7idcqH6j3EXPzSMS3ClrGOmdQYTTOJKpzkyKI0ljFcc8CnUc6lSnhiXgbQ_WLwD3AazZGVpO3oLSztCxLx-A4Nvg822Q9lngzQB4N6EhBn4FIgxrxf2RVtwKN9LlULoxKNdDWR-G-mqwke-iFybLl5Ye7AX2zNnPQcuHaL9AVj2UVQ-f2J8QrOQ3J8uuQ5vLrvPou_Nlbcd2jc_DfLHmtf7f3Q_01c5V6vRJv37nbTkn5vDeJe3rM7xQtljx6Jslq5SuTrlKavTjaX9ZiwuNv7LUVEVTnrnwzqnT47LS3ltXTIHbx_pnkHaG_v97u_dNX_viKMjyGvjyQKV3CESJILcIcn1wzkUP_l-7OMAb_iasVAHw-joU4x7aqoc274Hn6-CbQ5O6rB6--SvdKxB5MBF5hTZFXs15uzMwVIcS4zSJCU2NJpQpaaKUZSrmmFINtZ_Zl7__5Z8AAAD__3v01hpEBQAA","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.589Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 00:22:29 GMT","end":"Wed, 28 Jan 2026 00:22:28 
GMT"},"fingerprint":{"sha1":"AA:F8:F2:CD:8F:90:E0:34:26:52:5F:28:83:02:25:29:22:DE:BB:79","sha256":"E5:C6:96:84:40:94:64:CB:57:23:67:51:0E:0F:27:85:86:63:98:09:63:88:91:67:0A:01:DC:33:5A:53:16:A6"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RTPYhdRRueswlfE_j8JbYXsTDi3sycmfNnCnWN0WD-3ERSWM3vZrznnjmeOT-brYKBEBRkwcby7Hs3WRJD0EI7Idy1MhDMtdoi2wgWtoKFldzNwupbvO_zzjPF8wzP3NhodhGFhu9cOOvWbJ7z49EQD169bAvlOj84d2lA8BCfGFy2RcxODFbnrWrfIJQN8bHBe1qO3PEQE4wJJoNTttLGrR7fY8GW9zIyzPCQhUMSMVit_rv7JgDPA1DtLnoerJo985v5GKycQjH-9qT2o9qVr787bnJeuwpatfVRMSpcV8D4AJoqAFNs7d8G52cIfb0ArtjadwCu3Zw7AGFnaOHoExDF1r5MEO2tp0pFDroAoY5A105B59tg-RSkuw5WPUYAUsG581CMb59zVcevPmX5nJ2hw3_9CbabocNPXoRifH8pt6uDiy5vausKD6umB7s6BbsyhbLZhnotANttg6w_A6seIfzSESjGd993rR0NWl2NwKqdV0KKFYmwWcxYhhcZp3xRaJ4upsTokGQ0C9Nw76GsmQL3C9D4ABobQGMCaMoAxmpnwHDKJOE0NpmSCWacMaUFztIQY57JBBo5d7AOdbkOMl8HWV2DsroGI_vVDKG_P5wh9OiPGUI3KFTNA_BXdn4wOgsTwzKGtcoUp6GUOOJEy1TFqaJpYiIsOU9SGVISZYQyghOpwlCIxChsUsWkEVKkkitNUkZNKEPBaJxgwXAS0kiYWKSYMZWQJAlFRqJYZ2mUcUqo0EbzRGQyShkmTGsRUUZJJoRhjGWRUYRlmskwYSQ0CdMpiZmRCrwKwNcIWtVDpxF0HkHHEXQWQVcj6Nr-lsp96PvbKveNIPsz3J-0n7h6ZYPfcvWKLhDwah0q1W_a8lN_HWR9aLJmvJq4eeOi7idcqH6j3EXPzSMS3ClrGOmdQYTTOJKpzkyKI0ljFcc8CnUc6lSnhiXgbQ_WLwD3AazZGVpO3oLSztCxLx-A4Nvg822Q9lngzQB4N6EhBn4FIgxrxf2RVtwKN9LlULoxKNdDWR-G-mqwke-iFybLl5Ye7AX2zNnPQcuHaL9AVj2UVQ-f2J8QrOQ3J8uuQ5vLrvPou_Nlbcd2jc_DfLHmtf7f3Q_01c5V6vRJv37nbTkn5vDeJe3rM7xQtljx6Jslq5SuTrlKavTjaX9ZiwuNv7LUVEVTnrnwzqnT47LS3ltXTIHbx_pnkHaG_v97u_dNX_viKMjyGvjyQKV3CESJILcIcn1wzkUP_l-7OMAb_iasVAHw-joU4x7aqoc274Hn6-CbQ5O6rB6--SvdKxB5MBF5hTZFXs15uzMwVIcS4zSJCU2NJpQpaaKUZSrmmFINtZ_Zl7__5Z8AAAD__3v01hpEBQAA HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: 
ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.jvVjWsdGIg4u5UBsRudlKDPKj9AApJEzlstIcGaR7uI; uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv5=true; uncs5=1; u_pl27881586=1; pdhtkv32=true; uncs32=1; u_pl27881588=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 9dfefbeeb4fc7d5f9c64a34072c3fe43\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native 
applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":341,"timings":{"blocked":244,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Roboto:300,400,700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.251.38.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.791Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:58 GMT","end":"Mon, 19 Jan 2026 08:34:57 GMT"},"fingerprint":{"sha1":"56:14:7E:EF:FA:D2:CF:DD:3B:30:9C:AE:7A:C9:AD:9E:A7:87:3D:E9","sha256":"72:DD:0F:82:4D:8A:09:2D:BB:5B:E6:1B:6F:09:F8:1E:BD:BD:D3:3E:B8:A4:8C:B9:49:13:4D:DC:D7:EF:EA:77"}}},"request":{"raw":"GET /css?family=Roboto:300,400,700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, 
Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sun, 23 Nov 2025 07:20:49 GMT\r\ndate: Sun, 23 Nov 2025 07:20:49 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16755,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines 
(1572)","md5":"1f04e9e49d52374a409de4887e47180d","sha1":"8fee2f920567a574448d1aa6565c95951b68f9b5","sha256":"10cf0680b9dc5b310d265479bcebc5b380474bf2e8da9361cf8be458d183994e","sha512":"5fde8f721343e9c6254229e791ed64d6b47f28fad7690f7c83fa8c29e3112d0974f65ae0c63f09acd3e026dcb56c4de3fe0ffe37c464eb326b0495aa6c03b31c","ssdeep":"384:pKf5KgKPKrKyUK/qY4+K4KYKpKfMK1KWK6KyhK/qY4XKNKtK4KfdKkKDK3KyQK/9:pCJmwBUiRDfMTcfFBhiEymdmtC0BQiVb","tlshash":"df7210a1041750009b834ce223cebf35fe1f52117152d0b5abfdab6b9dcbc66526939d","first_seen":"2025-11-19T00:20:32.486705Z","last_seen":"2026-05-28T13:25:58.724835Z","times_seen":6027,"resource_available":false,"data":null}},"time_used":326,"timings":{"blocked":152,"dns":2,"connect":7,"send":0,"wait":19,"receive":0,"ssl":143},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/themes/retrotube/assets/js/navigation.js?ver=1.0.0","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:47.723Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/themes/retrotube/assets/js/navigation.js?ver=1.0.0 HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: 
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:47 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 1394\r\netag: \"1194-69164b1f-182a7b;br\"\r\nlast-modified: Thu, 13 Nov 2025 21:18:23 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ChsIo%2BnEQpiTBnWkQ2kNZTC31MojXC%2FmCkMNX9%2BLcXt7Q9Qc85Uz1tz7OEq39wWFodkBDp9dMAubbnyA47%2FEGpWdjHmvE%2FyNC3jlPQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee7f22ddb56a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web 
servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":4500,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text","md5":"eca10535dd65f4979e3b3ad3ec8e02c2","sha1":"54c38c3bf24825e407741ef0e316f678a5b580db","sha256":"802bc6725fd37d15aa9d599fa3f921fca0d4c585162c7b23da8ccd6f3ded751d","sha512":"680521331d53bb6b47390979cbb907f78607dc713d99405ea8664d401b8e9e3106bca7111c1142d8abb4a5d71a7957998ada61407432f084648bba32ed8e1d27","ssdeep":"96:wqduIPMiXjA1L1AWeyQqECAvBvRgY31rr/qBvHsMTFsPFxLdY0fdKI:wktP/W1Henqxy1R31/iRHsIFiFPBkI","tlshash":"7c91318aff88217b71b7326a697f61ed373844339a085c22f874d1a03d9446406bafdd","first_seen":"2023-03-07T01:26:46Z","last_seen":"2026-06-09T23:41:36.651054Z","times_seen":3898,"resource_available":true,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/97/fc/e4/97fce4537c0f81f954d679ccebe0c47c.js","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.452Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /97/fc/e4/97fce4537c0f81f954d679ccebe0c47c.js HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:48 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3422\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP 
COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 32350b97deab352bc6a508de8d3e3a95\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6461,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6461), with no line 
terminators","md5":"26ce7791f08fb671816e8ac15c21abcc","sha1":"cd121446322214f9ee849fadd1686452f9acf3a9","sha256":"e039e804b7483aec11801d7a306db1603f9c6d5f562340f9a5dbeda753c0224d","sha512":"01af678dd36e5bcfaf95c43fee3d7ac605299c1aca9187b5b330dffac03c16910e373e8ccb57e00c66810daff06b475d561370c05abe8a3beb00f5f9f950c409","ssdeep":"96:PKheeIZELV3rtYwDxXvH9VLgjY6oB/rCKTQ3l35AcOrzYdOtkiz9u5Z4tTpfn7:Pbj6VbjxXvw8zTCKTvlSQpfn7","tlshash":"b9d185883e81f0d513a3b5779a3f6549b3ad6814549fd804e107a0d03e2ce2ae97b6a5","first_seen":"2025-10-22T08:34:06.793976Z","last_seen":"2025-12-01T10:40:04.095127Z","times_seen":3160,"resource_available":true,"data":null}},"time_used":594,"timings":{"blocked":312,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":187},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/uploads/2025/09/589.jpg","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.511Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/uploads/2025/09/589.jpg HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nCookie: _ga_3E31P8KF13=GS2.1.s1763882448$o1$g0$t1763882448$j60$l0$h0; _ga=GA1.1.1454402186.1763882448; dom3ic8zudi28v8lr6fgphwffqoz0j6c=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\r\nSec-Fetch-Dest: 
image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/uploads/2025/09/606.jpg","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.636Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust 
Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/uploads/2025/09/606.jpg HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nCookie: _ga_3E31P8KF13=GS2.1.s1763882448$o1$g0$t1763882448$j60$l0$h0; _ga=GA1.1.1454402186.1763882448; dom3ic8zudi28v8lr6fgphwffqoz0j6c=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:48 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 36827\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 30 Nov 2025 07:20:48 GMT\r\netag: \"8fdb-6908fce7-17b37f;;;\"\r\nlast-modified: Mon, 03 Nov 2025 19:05:11 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 0\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IxuegHJnwC3S59P1M79m4rKj%2BhIFWuVpQzgPMVjaz5p4sOuAsKsci986GB0CB1mM%2B83Kg0yzmXKvKKGqufgmr%2FLRo5X83nLGa4b9bg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee7f7b9f156a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: 
cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":36827,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 640x360, components 
3","md5":"9c10d0e3ecb741f053b8c7ed697586f8","sha1":"dfc4c5219cb19f568d11bd838361eaba0a094f2c","sha256":"5e70b6e015265794dda826eef02d4988467a852c0b6822d7751fca31ae4dab3f","sha512":"3beebc3b4c72ef2a0254ef76bde5b6861a32da48caad50665e9848ea8ca477a7e7145777d72a65a61b138da51033264324d33f81a0724088a94346592f102f69","ssdeep":"768:QuWX86w1XOwSGcAIWXHS0iPziotbSlpw4/S78yxF094byvwggP13roSsfvIWsWaD:QuWe1tVj3oJhxpxF094htoSsYWOz4qh9","tlshash":"72f2f15bbdb00413883a7ba18de2599ff05783e2c9d4723f95c0688f86c1b6409fbb55","first_seen":"2025-11-23T07:21:30.124167Z","last_seen":"2025-11-23T07:21:30.124167Z","times_seen":1,"resource_available":false,"data":null}},"time_used":44,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":13,"receive":31,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RTvY8cxRPtvd_qF9gBH0aQjhABRtx6vnZuBwfAYQwWxrbORg4QQj3dPXfNzk4P3fNx3giwsCwCtEgEQMLs2_WdbSwLAiIwMmsSZAnJG3GBL-EvQEjEaO5WOqjgVdV7E1S9qb4yLnaJh4LunHtTDWWS0GPdjm09e1GmXFXGOnPBcuyOfdy6KNPAP25tNqDLFxzP79hHrdcE66tjru3YtmM71kmpRaw2j-2pkNmt0OmEdsd3O07Xx6b-b2-KJRi6BF7uksch-fyRP-K3IdkM6eDbE8L0c5U9_-qgSGiuNEq-_VbaT1WVYnBQxrqFON1efA1l5oR8sQSVbi82gCqnzQaI5JwsPfkQUbq9GBNReW1_0iiBSBHxw6jKGUQyg6QzMHUZkj8gAOM4cxbpYOuM0hW9tK_SRp2T9t9_QVZz0n74BNLB7dVEblrnVVLkUqUGm3ENuTmDXJ8hK2bIhy3I6h5Y_hEk_43YTx1GOrj5uipl3yqF7kPynWdcz-ZO146XQz-0l33q0eVI0N5yz4mF64Re6PbcPaNkPAM1SyhMC4VsoYhbKLIWBnzH8u2ezxzqBXHI2YrtU9_nIrLDnmvbNGQrKFizwQh5NgJLRmD6462Mb-T9cprrQkyLlJmxc32f8sM9cqsh_XDs3CrezRJ3pddzuqEzdpDpD69zb0V4EfPHFH352ZyQKx50cRdmo4bhLZicoOQ1KkFQGYKKElSSoMoJqrK-xhPjmnqLJ6aInEV2F9mrJypfH9NrKl8XKQHVI2heT2X2vrkMlv9vMowNn6gGaJTXExrxepztkseav9S6kVXoix3LczmNWRQHPAjCgHW9gHYpY8wNOLcF9WBkDWmWQE0LQzknaysvIZNzcvTTu4joPZjkHph8FLRwQKsadKPGML3dF5zKSPVF1mFqAK5qZHkb-aXWONklRyZrF1bv7p3LO7_fgWD3ySLAdI1M13hP_kKwnlydrKmKTNdUZch3Z7NcDuSQNqd0Pqe5-P_NN8SlSml-6oQZ3XiZNUJT3rogTH6aplym64Z8syo5F_qk0kyQO6fMRRGdK8zGaqHTIjt97pWTpwaZFsZIlc5A5Zwc-vMTMDknR376eu-ZdJ97CJZ9AJMdzGkUQZS1kUiCRBzwNKph_tVHB_XYXMW6boPml5EOapS6RpnUoMkIpjg0yTN9_8Vfv2ziK0RJexIluj2NEp183vj0QwM_N_Djvm1G7lhdN_KCXi8QccBjj3uux8OuLUKfhoEf-l3kZi6f_v7BPwEAAP__sbREJNgEAAA=","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.469Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RTvY8cxRPtvd_qF9gBH0aQjhABRtx6vnZuBwfAYQwWxrbORg4QQj3dPXfNzk4P3fNx3giwsCwCtEgEQMLs2_WdbSwLAiIwMmsSZAnJG3GBL-EvQEjEaO5WOqjgVdV7E1S9qb4yLnaJh4LunHtTDWWS0GPdjm09e1GmXFXGOnPBcuyOfdy6KNPAP25tNqDLFxzP79hHrdcE66tjru3YtmM71kmpRaw2j-2pkNmt0OmEdsd3O07Xx6b-b2-KJRi6BF7uksch-fyRP-K3IdkM6eDbE8L0c5U9_-qgSGiuNEq-_VbaT1WVYnBQxrqFON1efA1l5oR8sQSVbi82gCqnzQaI5JwsPfkQUbq9GBNReW1_0iiBSBHxw6jKGUQyg6QzMHUZkj8gAOM4cxbpYOuM0hW9tK_SRp2T9t9_QVZz0n74BNLB7dVEblrnVVLkUqUGm3ENuTmDXJ8hK2bIhy3I6h5Y_hEk_43YTx1GOrj5uipl3yqF7kPynWdcz-ZO146XQz-0l33q0eVI0N5yz4mF64Re6PbcPaNkPAM1SyhMC4VsoYhbKLIWBnzH8u2ezxzqBXHI2YrtU9_nIrLDnmvbNGQrKFizwQh5NgJLRmD6462Mb-T9cprrQkyLlJmxc32f8sM9cqsh_XDs3CrezRJ3pddzuqEzdpDpD69zb0V4EfPHFH352ZyQKx50cRdmo4bhLZicoOQ1KkFQGYKKElSSoMoJqrK-xhPjmnqLJ6aInEV2F9mrJypfH9NrKl8XKQHVI2heT2X2vrkMlv9vMowNn6gGaJTXExrxepztkseav9S6kVXoix3LczmNWRQHPAjCgHW9gHYpY8wNOLcF9WBkDWmWQE0LQzknaysvIZNzcvTTu4joPZjkHph8FLRwQKsadKPGML3dF5zKSPVF1mFqAK5qZHkb-aXWONklRyZrF1bv7p3LO7_fgWD3ySLAdI1M13hP_kKwnlydrKmKTNdUZch3Z7NcDuSQNqd0Pqe5-P_NN8SlSml-6oQZ3XiZNUJT3rogTH6aplym64Z8syo5F_qk0kyQO6fMRRGdK8zGaqHTIjt97pWTpwaZFsZIlc5A5Zwc-vMTMDknR376eu-ZdJ97CJZ9AJMdzGkUQZS1kUiCRBzwNKph_tV
HB_XYXMW6boPml5EOapS6RpnUoMkIpjg0yTN9_8Vfv2ziK0RJexIluj2NEp183vj0QwM_N_Djvm1G7lhdN_KCXi8QccBjj3uux8OuLUKfhoEf-l3kZi6f_v7BPwEAAP__sbREJNgEAAA= HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=2; pdhtkv49=true; uncs49=2; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 203da75d90caa15b87549c042b5f0e3c\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native 
applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":270,"timings":{"blocked":170,"dns":0,"connect":0,"send":0,"wait":100,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flushpersist.com/pxf.gif?uuid=230d150f-9490-4a3a-bea8-81fe21939282\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=8e2c5d0a9e14a08bcedae6c1b8957fa4\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=7","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.638Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flushpersist.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 22:02:45 GMT","end":"Tue, 27 Jan 2026 22:02:44 GMT"},"fingerprint":{"sha1":"F7:0F:08:42:86:24:7C:1B:49:6E:E0:01:4D:B6:85:C3:51:09:E9:4B","sha256":"57:4B:E8:D9:F8:CD:FB:C3:56:16:42:88:21:1B:6A:B3:83:F2:4E:B5:2C:AC:2C:6B:0E:46:6B:15:51:D1:3D:17"}}},"request":{"raw":"GET 
/pxf.gif?uuid=230d150f-9490-4a3a-bea8-81fe21939282\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=8e2c5d0a9e14a08bcedae6c1b8957fa4\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=7 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\nx-envoy-upstream-service-time: 1\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 115a69a23b857511865dc16401b3110d\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":713,"timings":{"blocked":309,"dns":14,"connect":94,"send":0,"wait":95,"receive":0,"ssl":194},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/uploads/2025/11/1367.jpg","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.644Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/1367.jpg HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nCookie: _ga_3E31P8KF13=GS2.1.s1763882448$o1$g0$t1763882448$j60$l0$h0; _ga=GA1.1.1454402186.1763882448; dom3ic8zudi28v8lr6fgphwffqoz0j6c=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:48 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 
23949\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 30 Nov 2025 07:20:48 GMT\r\netag: \"5d8d-6920f7a7-401b;;;\"\r\nlast-modified: Fri, 21 Nov 2025 23:37:11 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 0\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MDVezxmxYemVKw0opZ7LVABeC%2BvzBX1Zz5HjgAtwomoXnbhk1TB5ysKwhd7CWQPoVFYnJrxTvesibbFKNun1xqkUxPoo1tEEbImwag%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee7f7ca0756a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for 
WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":23949,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 640x360, components 3","md5":"34a46c442d03ce7c0092a4288792f727","sha1":"74f895d484159d9f6006e89bd134251e4a586c6e","sha256":"d0e2a18b4404f121262022bfd1e5b0f63de191564e362b03b4e9a5e924b1f734","sha512":"e396f925dc2963e256dae92182ce2583d67d1ca0593dcfc65692ee5977757bf30ada61e7425b04b981fd892b0953c4fa201e7d811859a81862a9bfbed44c3335","ssdeep":"384:WkN4oka3hTIJErnrAhJwT7kfiOdDjA8j+oGJiXLCyKAldFC5LRbVWcgc+tUb2:LiokQTsErnkhJwTQ3O8xRLyAHFC5+tE2","tlshash":"11b2e027327922391269ef1d0defbe3ba2771ad858d0669eee820de50944c925b0720c","first_seen":"2025-11-23T07:21:30.125735Z","last_seen":"2025-11-23T07:21:30.125735Z","times_seen":1,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":30,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RSv28cRRidNRZFUvAjCNoVoiAIX_bXrW9JAZgQiAhJ5ASlQClmZ2ad4fZ2lpn94bgKRIoiCmQkCqBh750TkxBFUFAhInOmQZFA2QLhIpYQfwFCokbrnGT4iu97374t3nvzXR2Xu8RHSXfOvK3WZJrSI_2eYz9_XmZc1cY-dc52nZ5z1D4vszA4aq92TVcvuX7Qcw7bbwg2VEc8x3Uc13Ht41KLRK0e2WMh89uR24ucXuD13H6AVf3_3ZQWDLXAq13yJCRvH_szeReSTZGNvjkmzLBQ-Yuvj8qUFkqj4pvvZMNM1RlG-zDRFpJsc_Y3lGkJ-WwOKtucOYCqNjoHiGVL5p5-gDjbnMlEXF1_qDROITLE_CDqagqRTiHpFExdgeT3CcA4Tp1GNrpxSumaXnrI0o5tyfw_f0PWLZl_8BSy0Z2lVK7aZ1VaFlJlBqtJA7k6hVyZIi-3UaxZkPU2WPEhJP-FOM8cRDa69aaq5NCuhB5C8p3nPN_hbt9JFqIgchYC6tOFWNDBwsBNhOdGfuQNvL2gZDIFNXMojYVSWigTC2VuYcR37MAZBMylfphEnC06AQ0CLmInGniOQyO2iJJ1DtZR5Otg6TqYvoxcf_AV9xeFH7NgTDGUn7SEXPWhyy2Yiw0Mt2AKgoo3qAVBbQhqSlBLgrogqKvmOk-NZ5obPDVl7M6mN5t-M1HFypheV8WKyAioXofmzYbM3zdXwIpHJmuJ4RPVNRoXzYTGvBnnu-SJLmzrZl5jKHZs3-M0YXES8jCMQtb3Q9qnjDEv5NwR1IeRDaSZAzUW1mRLlhdfQS5bcvjjLcR0GybdBpOPg5YuaN2AXmywlt0ZCk5lrIYi7zE1AlcN8mIexSVrnO6SQ5Plc0tbe69-4fcfIdg9Misw3SDXDd6TPxGspNcmy6omG8uqNuTb03khR3KNdhdxtqCFePTWW-JSrTQ_ccys33yVdUQHb58TpjhJMy6zFUO-XpKcC31caSbIDyfMeRGfKc3FpVJnZX7yzGvHT4xyLYyRKpuCypYc-OsjMNmSQ3e_3Lv2_gt_gOWXYfJ9nUYRxPkcUkmQiv3vNG5g_rPH-3hsrmFFz4MWV5CNGlS6QZU2oOk6THlgUuT63ss_f97VF4jT-Umc6vmNONXpp11Od_fC6tr3Lbnw268wcsfue7EfDgahSEKe-Nz3fB71HREFNAqDKOijMK189rv7_wYAAP__GNQ8n58EAAA=","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.492Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSv28cRRidNRZFUvAjCNoVoiAIX_bXrW9JAZgQiAhJ5ASlQClmZ2ad4fZ2lpn94bgKRIoiCmQkCqBh750TkxBFUFAhInOmQZFA2QLhIpYQfwFCokbrnGT4iu97374t3nvzXR2Xu8RHSXfOvK3WZJrSI_2eYz9_XmZc1cY-dc52nZ5z1D4vszA4aq92TVcvuX7Qcw7bbwg2VEc8x3Uc13Ht41KLRK0e2WMh89uR24ucXuD13H6AVf3_3ZQWDLXAq13yJCRvH_szeReSTZGNvjkmzLBQ-Yuvj8qUFkqj4pvvZMNM1RlG-zDRFpJsc_Y3lGkJ-WwOKtucOYCqNjoHiGVL5p5-gDjbnMlEXF1_qDROITLE_CDqagqRTiHpFExdgeT3CcA4Tp1GNrpxSumaXnrI0o5tyfw_f0PWLZl_8BSy0Z2lVK7aZ1VaFlJlBqtJA7k6hVyZIi-3UaxZkPU2WPEhJP-FOM8cRDa69aaq5NCuhB5C8p3nPN_hbt9JFqIgchYC6tOFWNDBwsBNhOdGfuQNvL2gZDIFNXMojYVSWigTC2VuYcR37MAZBMylfphEnC06AQ0CLmInGniOQyO2iJJ1DtZR5Otg6TqYvoxcf_AV9xeFH7NgTDGUn7SEXPWhyy2Yiw0Mt2AKgoo3qAVBbQhqSlBLgrogqKvmOk-NZ5obPDVl7M6mN5t-M1HFypheV8WKyAioXofmzYbM3zdXwIpHJmuJ4RPVNRoXzYTGvBnnu-SJLmzrZl5jKHZs3-M0YXES8jCMQtb3Q9qnjDEv5NwR1IeRDaSZAzUW1mRLlhdfQS5bcvjjLcR0GybdBpOPg5YuaN2AXmywlt0ZCk5lrIYi7zE1AlcN8mIexSVrnO6SQ5Plc0tbe69-4fcfIdg9Misw3SDXDd6TPxGspNcmy6omG8uqNuTb03khR3KNdhdxtqCFePTWW-JSrTQ_ccys33yVdUQHb58TpjhJMy6zFUO-XpKcC31caSbIDyfMeRGfKc3FpVJnZX7yzGvHT4xyLYyRKpuCypYc-OsjMNmSQ3e_3Lv2_gt_gOWXYfJ9nUYRxPkcUkmQiv3vNG5g_rPH-3hsrmFFz4MWV5CNGlS6QZU2oOk6THlgUuT63ss_f97VF4jT-Umc6vm
NONXpp11Od_fC6tr3Lbnw268wcsfue7EfDgahSEKe-Nz3fB71HREFNAqDKOijMK189rv7_wYAAP__GNQ8n58EAAA= HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 7858e7a55ad4890d8b44052741135c52\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":262,"timings":{"blocked":160,"dns":0,"connect":0,"send":0,"wait":102,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RSvY8cxRfsud_pF9gBH0aQjhABRtx6vnZuBwfAYQwWxrbORg4QQU93z7nZ2emhez7WGxksWRYBWiQCIGG29uzDxrIgIAKs0x4EyBKSN-ICX8JfgJCI0ZxXOnhBvfemJqiqftcm5R7xUdLdc2-rkUxTeqzbceznL8qMq9rYZy7YrtNxjtsXZRYGx-1hC7p6yfWDjnPUfkOwvjrmOa7juI5rn5RaJGp4bJ-FzO9EbidyOoHXcbsBhvq_uyktGGqBV3vkSUg-f-yP5F1INkM2-PaEMP1C5S--PihTWiiNim-9k_UzVWcYHIyJtpBkW4u_ocyckM-XoLKthQOoarN1gFjOydLTDxFnWwuZiKsbj5TGKUSGmB9GXc0g0hkknYGpq5D8AQEYx5mzyAY3zyhd08uPWNqyc7L891-Q9ZwsP3wK2eDuWiqH9nmVloVUmcEwaSCHM8iNGfJyB8XIgqx3wIqPIPlvxHnmMLLB7TdVJft2JXQfku8-5_kOd7tOshIFkbMSUJ-uxIL2VnpuIjw38iOv5-0HJZMZqFlCaSyU0kKZWChzCwO-awdOL2Au9cMk4mzVCWgQcBE7Uc9zHBqxVZSsdTBGkY_B0jGYvoJcf_g191eFH7NgQtGXn84JueZDl9swlxoYbsEUBBVvUAuC2hDUlKCWBHVBUFfNDZ4azzQ3eWrK2F10b9H9ZqqKjQm9oYoNkRFQPYbmzabMPzBXwYr_TUeJ4VPVAo2LZkpj3kzyPfJEG7Z1K6_RF7u273GasDgJeRhGIev6Ie1SxpgXcu4I6sPIBtIsgRoLIzkn66uvIJdzcvSTbcR0BybdAZOPg5YuaN2AXmowyu72BacyVn2Rd5gagKsGebGM4rI1SffIken6hbXt_Vd_7_d7EOw-WRSYbpDrBu_Lnwk20uvTdVWTzXVVG_Ld2byQAzmi7UWcL2gh_n_7LXG5VpqfOmHGt15lLdGOdy4IU5ymGZfZhiHfrEnOhT6pNBPkp1PmoojPlebSWqmzMj997rWTpwa5FsZIlc1A5Zwc-vNjMDknR-59tX_t3Rf2wPIrMPmBTqMI4txCKglScfCdxg3Mv_b4YJ6Y69jQy6DFVWSDBpVuUKUNaDqGKQ9Ni1zff_nXL9r6EnG6PI1TvbwZpzr9bD-nFn5s4ZcWfoCRu3bXi_2w1wtFEvLE577n86jriCigURhEQReFmctnv3_wTwAAAP__UV0eKZ8EAAA=","fqdn":"foldingcutleryhelium.com
","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.363Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSvY8cxRfsud_pF9gBH0aQjhABRtx6vnZuBwfAYQwWxrbORg4QQU93z7nZ2emhez7WGxksWRYBWiQCIGG29uzDxrIgIAKs0x4EyBKSN-ICX8JfgJCI0ZxXOnhBvfemJqiqftcm5R7xUdLdc2-rkUxTeqzbceznL8qMq9rYZy7YrtNxjtsXZRYGx-1hC7p6yfWDjnPUfkOwvjrmOa7juI5rn5RaJGp4bJ-FzO9EbidyOoHXcbsBhvq_uyktGGqBV3vkSUg-f-yP5F1INkM2-PaEMP1C5S--PihTWiiNim-9k_UzVWcYHIyJtpBkW4u_ocyckM-XoLKthQOoarN1gFjOydLTDxFnWwuZiKsbj5TGKUSGmB9GXc0g0hkknYGpq5D8AQEYx5mzyAY3zyhd08uPWNqyc7L891-Q9ZwsP3wK2eDuWiqH9nmVloVUmcEwaSCHM8iNGfJyB8XIgqx3wIqPIPlvxHnmMLLB7TdVJft2JXQfku8-5_kOd7tOshIFkbMSUJ-uxIL2VnpuIjw38iOv5-0HJZMZqFlCaSyU0kKZWChzCwO-awdOL2Au9cMk4mzVCWgQcBE7Uc9zHBqxVZSsdTBGkY_B0jGYvoJcf_g191eFH7NgQtGXn84JueZDl9swlxoYbsEUBBVvUAuC2hDUlKCWBHVBUFfNDZ4azzQ3eWrK2F10b9H9ZqqKjQm9oYoNkRFQPYbmzabMPzBXwYr_TUeJ4VPVAo2LZkpj3kzyPfJEG7Z1K6_RF7u273GasDgJeRhGIev6Ie1SxpgXcu4I6sPIBtIsgRoLIzkn66uvIJdzcvSTbcR0BybdAZOPg5YuaN2AXmowyu72BacyVn2Rd5gagKsGebGM4rI1SffIken6hbXt_Vd_7_d7EOw-WRSYbpDrBu_Lnwk20uvTdVWTzXVVG_Ld2byQAzmi7UWcL2gh_n_7LXG5VpqfOmHGt15lLdGOdy4IU5ymGZfZhiHfrEnOhT6pNBPkp1Pmooj
PlebSWqmzMj997rWTpwa5FsZIlc1A5Zwc-vNjMDknR-59tX_t3Rf2wPIrMPmBTqMI4txCKglScfCdxg3Mv_b4YJ6Y69jQy6DFVWSDBpVuUKUNaDqGKQ9Ni1zff_nXL9r6EnG6PI1TvbwZpzr9bD-nFn5s4ZcWfoCRu3bXi_2w1wtFEvLE577n86jriCigURhEQReFmctnv3_wTwAAAP__UV0eKZ8EAAA= HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 53df233f8ba54f4be6baa2f2a0e8b6a7\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":275,"timings":{"blocked":165,"dns":0,"connect":0,"send":0,"wait":110,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/2a/98/25/2a982554464cf4caa81f8b9825a59bce/1708592884.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.562Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/2a/98/25/2a982554464cf4caa81f8b9825a59bce/1708592884.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 94612\r\nserver: nginx/1.21.6\r\nlast-modified: Thu, 22 Feb 2024 09:08:13 GMT\r\netag: \"65d70efd-17194\"\r\nexpires: Tue, 25 Nov 2025 07:20:49 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":94612,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 300x250, components 3","md5":"776f9331634d54eb224748785d1c3309","sha1":"538d49c598d13d35396b141e05d6ab8f7ab3387c","sha256":"71016d036259dae48479b46a021f7e9858d51010bde80194da5c6330fc9f76ab","sha512":"f921b178819e4cafb273d730919702451fd225ac337053860dedc1d866b4542e2e934714c13dc89a8c9585ce603bac3229e46e2bea4b9c22d0e02caa8643246f","ssdeep":"1536:B9FBeGImCkcR9Ym36j6AbcFgV9bKfNkgGVEr/dVoUVNS4QnEAaDs/1pIygu:B9fxImARSm0bfV9QdcW1HNInEXDsNgu","tlshash":"a69302814a2bd0eb41d80977c105ec623ffa77187a472267497bfa1f86faf260215cd9","first_seen":"2024-02-25T12:12:19Z","last_seen":"2026-05-07T21:15:40.776242Z","times_seen":107,"resource_available":false,"data":null}},"time_used":297,"timings":{"blocked":113,"dns":0,"connect":0,"send":0,"wait":88,"receive":96,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/impr.gif?sid=H4sIAAAAAAAC_1STO2wcRRjHZ52IJkV4ibQnREGk-DKPvdsdUgAmGCJCYpxACqp5OsPt7Sw7u7eOq4hIUSpkiYZy_Z0TKyEKUECHZJ2piBSRS2WJuKGjoEGioELnWDJ8xfeY3
xTff_Sfmxv1HmJQi92lD_2ayzJxutfFndevuFz7JnQuXO4Q3MVnOldc3o_PdFZnqRy9QVjcxSc77xk18KcpJhgTTDqLrjTWr57ep-CK-5x0Oe7GtEt6MayW_59DHUEQEejRHnoRnJ4e_91-Ck5NIB9-d9aEQeWLU-8O60xUvoSR3vo4H-S-yWF42NoyAptvHdwGH6YIfT0HPt86UAB-tDlTANJN0dwrT0HmWwdrghzdfrapzMDkIPUxaEYTMNkOODEB5W-A048RgNJw4SLkwzsXfNmIa8-omNEpOvr3X-CaKTr69GXIhw8WMrfaueSzunI-D7BqW3CrE3ArEyjqHajWInDNDqjqC3D6EcInjkE-vPe-H7lBZ2TKATi9-xplWJMetvM85ng-FkzMSyPS-ZRYQwlnnKZ0_6GcnYAIc1CHCGoXQW0jqIsIhnq3E-M0VkSwvuVaJTgWcayNxDylGAuuEqjVTME6VMU6qGwdVHkdivI6DNxXU4T--WiK0KM_pgjdZFDW2xCu7v7Yp1xxnRJsVT_lVrF-jAVJVZLQ2FAtrNCCYS11X1ibEKsx0zrtUyYs54QorRlVMYl1avsx5yzWWlDdo5alNhUcC8IsZoTY1PZILDFLZWpirLiKpSK4l_SlZqkhtq8TKnsE09RoJcQMEckJjylJqEp6ieZcpZyalKUUgo4gVAhGuoXGIGgCgkYgaByCpkLQjNrbOgs0tHd0FmpJDio9qKwd-2plQ9z21YrJEYhyHUrdbrri83ADVHVkvGaDHvtZErJqx0LqdqPYQy_MLBLdLWoYmN1OL050ajWTtmeUiHucUKYt5bqPhSEUQ3AtuDAHIkSw5qZoOXkLCjdFJ7_cBil2IGQ7oNzzIOoTIJpxQlMQV4FjWMsfDIwWTvqBKbrKD0H7ForqKFTXoo1sD700Xr68sL1v2KXFT8Coh-ggQJUtFGULn7mfEaxkt8bLvkGby74J6PuLReWGbk3MzHypEpV57t4H5lrjS33ubFi_-7aagVl7_7IJ1XmRa5evBPTNgtPalIu-VAb9dC5cMXKpDlcX6jKvi_NL7yyeGxalCcH5fALCPTa_gHJTdPzP3_a_6akn34IqrkMoDrcMHoEsEGQOQWYOz4VsIfxnlof9RrgFK2UEoroB-bCFUdnCKGtBZOsQ6iPjqigfvvmE7QfILBrLrESbMitn3O12LDNUYZwmfcJSawiLtbK9NOa6LzBjBqowda_-8Ou_AQAA__8toRiNRAUAAA==","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.572Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's 
Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1STO2wcRRjHZ52IJkV4ibQnREGk-DKPvdsdUgAmGCJCYpxACqp5OsPt7Sw7u7eOq4hIUSpkiYZy_Z0TKyEKUECHZJ2piBSRS2WJuKGjoEGioELnWDJ8xfeY3xTff_Sfmxv1HmJQi92lD_2ayzJxutfFndevuFz7JnQuXO4Q3MVnOldc3o_PdFZnqRy9QVjcxSc77xk18KcpJhgTTDqLrjTWr57ep-CK-5x0Oe7GtEt6MayW_59DHUEQEejRHnoRnJ4e_91-Ck5NIB9-d9aEQeWLU-8O60xUvoSR3vo4H-S-yWF42NoyAptvHdwGH6YIfT0HPt86UAB-tDlTANJN0dwrT0HmWwdrghzdfrapzMDkIPUxaEYTMNkOODEB5W-A048RgNJw4SLkwzsXfNmIa8-omNEpOvr3X-CaKTr69GXIhw8WMrfaueSzunI-D7BqW3CrE3ArEyjqHajWInDNDqjqC3D6EcInjkE-vPe-H7lBZ2TKATi9-xplWJMetvM85ng-FkzMSyPS-ZRYQwlnnKZ0_6GcnYAIc1CHCGoXQW0jqIsIhnq3E-M0VkSwvuVaJTgWcayNxDylGAuuEqjVTME6VMU6qGwdVHkdivI6DNxXU4T--WiK0KM_pgjdZFDW2xCu7v7Yp1xxnRJsVT_lVrF-jAVJVZLQ2FAtrNCCYS11X1ibEKsx0zrtUyYs54QorRlVMYl1avsx5yzWWlDdo5alNhUcC8IsZoTY1PZILDFLZWpirLiKpSK4l_SlZqkhtq8TKnsE09RoJcQMEckJjylJqEp6ieZcpZyalKUUgo4gVAhGuoXGIGgCgkYgaByCpkLQjNrbOgs0tHd0FmpJDio9qKwd-2plQ9z21YrJEYhyHUrdbrri83ADVHVkvGaDHvtZErJqx0LqdqPYQy_MLBLdLWoYmN1OL050ajWTtmeUiHucUKYt5bqPhSEUQ3AtuDAHIkSw5qZoOXkLCjdFJ7_cBil2IGQ7oNzzIOoTIJpxQlMQV4FjWMsfDIwWTvqBKbrKD0H7ForqKFTXoo1sD700Xr68sL1v2KXFT8Coh-ggQJUtFGULn7mfEaxkt8bLvkGby74J6PuLReWGbk3MzHypEpV57t4H5lrjS33ubFi_-7aagVl7_7IJ1XmRa5evBPTNgtPalIu-VAb9dC5cMXKpDlcX6jKvi_NL7yyeGxalCcH5fALCPTa_gHJTdPzP3_a_6akn34IqrkMoDrcMHoEsEGQOQWYOz4VsIfxnlof9RrgFK2UEoroB-bCFUdnCKGtBZOsQ6iPjqigfvvmE7QfILBrLrESbMitn3O12LDNUYZwmfcJSawiLtbK9NOa6LzBjBqowda_-8Ou_AQAA__8toRiNRAUAAA== HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 
1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.lgpn5CWqMIQOnAcJWQj2BoFLhkbKonZlINzdYlOyigo; uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=2; pdhtkv27=true; uncs27=1; u_pl27881585=1; pdhtkv23=true; uncs23=1; u_pl27881589=1; pdhtkv29=true; uncs29=1; u_pl27881590=1; slec89d6f1c80b1e0bbfc99e7ec523be338e=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\nvary: Origin\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: c2b2b685d0154e6eb8ce86129f664422\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) 
informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":335,"timings":{"blocked":237,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat 
Feed","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/42/9d/39/429d39c381ed333edc13827196e894b4/1708270395.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.588Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's 
Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/42/9d/39/429d39c381ed333edc13827196e894b4/1708270395.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 38953\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 18 Feb 2024 15:33:24 GMT\r\netag: \"65d22344-9829\"\r\nexpires: Tue, 25 Nov 2025 07:20:49 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":38953,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 24.5 (Windows), datetime=2024:02:18 16:14:48], progressive, precision 8, 320x50, components 
3","md5":"263f39132887c7add9bcf040df119271","sha1":"23e11d4587d65cf9e1a634f357e34c90023ea716","sha256":"aba32ac81423e3689fb90338e51fbdf841d9aa5ddcb38f485be2fdd17efd1597","sha512":"f5ef43e33d6ea4128a333392a29b9336c661db62457cada0082273d05edb27fd024d586b2b6cc1b41762f3f773d6d3187fabe67ef66b5bc05f95c715f55246ac","ssdeep":"768:2kgNiLkAprm8i0ESygFW1m8E4A35OxA9/MPoYWuxkgCVBgPLw4N+:2kgAkAprm8zESpFIm/LpOxA9/jYyzgP2","tlshash":"d703e02daf639f00fac96231e5b4d6823222bf00b7a75549785c606efb717d1ae18303","first_seen":"2024-02-20T04:12:06Z","last_seen":"2026-06-06T15:10:19.698047Z","times_seen":557,"resource_available":false,"data":null}},"time_used":262,"timings":{"blocked":88,"dns":0,"connect":0,"send":0,"wait":88,"receive":86,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbs?c=1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:50.687Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /pixel/sbs?c=1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; 
Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.lgpn5CWqMIQOnAcJWQj2BoFLhkbKonZlINzdYlOyigo; uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=2; pdhtkv27=true; uncs27=1; u_pl27881585=1; pdhtkv23=true; uncs23=1; u_pl27881589=1; pdhtkv29=true; uncs29=1; u_pl27881590=1; slec89d6f1c80b1e0bbfc99e7ec523be338e=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:50 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":94,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":94,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 
Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=GT-W6JKBDF6","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:47.716Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:33:43 GMT","end":"Mon, 19 Jan 2026 08:33:42 GMT"},"fingerprint":{"sha1":"4E:9E:D1:61:E4:7D:C2:8A:B6:AD:D2:31:C7:07:01:E4:DB:A0:A7:A9","sha256":"C5:DD:D4:CA:97:B7:B5:8C:B4:99:E8:56:30:AC:1B:F0:FD:7C:5A:FD:19:ED:13:D0:27:D6:0B:76:C7:C7:A0:66"}}},"request":{"raw":"GET /gtag/js?id=GT-W6JKBDF6 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: 
*\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Sun, 23 Nov 2025 07:20:47 GMT\r\nexpires: Sun, 23 Nov 2025 07:20:47 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 143214\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":430868,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines 
(6031)","md5":"533a64689bfef45f9c74b7d62592a848","sha1":"eb839334c8cf26abac7aa98f24c13c4d4ea17490","sha256":"fa37e0e0cdc440a0155eb96657bd9e91b4c274ed3656344feb428813f1e0bd26","sha512":"c8c6540dd8ee639b585c43aab8351d1674b1d69ca4359ac5960c47d1932b6b979539703796b2c783e19ffe66126912630c3c43b57a218507493aaf5d880c40d1","ssdeep":"6144:NJyYBUKitJeUI2XVUULUVWo6O7GQEO7QZ2ElVFBoOr+Lu:DyMDi2UnVUUtO7QZ/","tlshash":"8c941ace73d674265396f078502f018ba57b28a2b44cc896f1c9cde12e74a9a4277f7c","first_seen":"2025-11-23T07:21:30.129202Z","last_seen":"2025-11-23T07:21:30.129202Z","times_seen":1,"resource_available":true,"data":null}},"time_used":350,"timings":{"blocked":113,"dns":0,"connect":21,"send":0,"wait":48,"receive":59,"ssl":106},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/uploads/2025/09/604.jpg","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.519Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/uploads/2025/09/604.jpg HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: 
image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nCookie: _ga_3E31P8KF13=GS2.1.s1763882448$o1$g0$t1763882448$j60$l0$h0; _ga=GA1.1.1454402186.1763882448; dom3ic8zudi28v8lr6fgphwffqoz0j6c=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":41,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/uploads/2025/09/538.jpg","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.521Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/uploads/2025/09/538.jpg HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nCookie: _ga_3E31P8KF13=GS2.1.s1763882448$o1$g0$t1763882448$j60$l0$h0; _ga=GA1.1.1454402186.1763882448; dom3ic8zudi28v8lr6fgphwffqoz0j6c=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/uploads/2025/11/1320.jpg","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.653Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 
GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/1320.jpg HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nCookie: _ga_3E31P8KF13=GS2.1.s1763882448$o1$g0$t1763882448$j60$l0$h0; _ga=GA1.1.1454402186.1763882448; dom3ic8zudi28v8lr6fgphwffqoz0j6c=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:48 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 27650\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 30 Nov 2025 07:20:48 GMT\r\netag: \"6c02-6920f7b3-404e;;;\"\r\nlast-modified: Fri, 21 Nov 2025 23:37:23 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=1V692LLVWDcZ9nQo8rHuzbWvVxBC781MKSg1%2BLcS2BiQk9WeN252BzrrKsF%2FN%2Bml2d6HLOFLwMx%2F3PP9VHuxflBpArDxlwXwBFyMyA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee7f7ca0b56a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed 
Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":27650,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], baseline, precision 8, 640x360, components 
3","md5":"289c63fb98a4438ef1a8032d8250279a","sha1":"aab4ed26b1f7af9e8031d9e1bcb8b40446a7f8a2","sha256":"2df08d4d37235100403bdf67832ec4ef26be05fb626ecf1bda1afbf39d39b6ce","sha512":"30f09100d578b52ca6155fc70fc1dce0af0cb0dbf2848455db10caf902a0327acba34fba3cc6dc7ed7be94ee45e538936e575f42535b8731cb7e3bcb3f5db8aa","ssdeep":"384:NdojWZKVHvUdcnIAyWo5ovvmKL/wvydimoQqstNQqTVAfEwHTD6E:QSklcdcnINV2vvXLIKhoQdtnA8wzD5","tlshash":"dfc2c079f96242a255d3f936accd083586b0587de4c188df38bd2c43af9079e1e68792","first_seen":"2025-11-23T07:21:30.130604Z","last_seen":"2025-11-23T07:21:30.130604Z","times_seen":1,"resource_available":false,"data":null}},"time_used":136,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":105,"receive":31,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/98/4a/ea/984aea0590243673d8100824b542b2eb/1756662026.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.244Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 
02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/98/4a/ea/984aea0590243673d8100824b542b2eb/1756662026.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 54266\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 31 Aug 2025 17:40:26 GMT\r\netag: \"68b4890a-d3fa\"\r\nexpires: Tue, 25 Nov 2025 07:20:49 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":54266,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:30 15:29:30], progressive, precision 8, 320x240, components 
3","md5":"61ed57bf223ebc615f8a1df5d6df4368","sha1":"efb61d1f59f6dcdb45ff2205a02ce0cd6d8577b1","sha256":"301c9c6b429a2b8c70326d0acd72bf1d503fdde4c081f8da9a71f60f90b27442","sha512":"d3323768584bf852bc18a08ebcff711b49c72b3797e973c18aee182e17d44da76937f8db37f17cbc6601e758d31e79c551fe825b153809d253d4effc00025d06","ssdeep":"768:XnaGnvGicnaGnvVhsSYymkxswdA5HURFmI2PI+KIaSMUeFBhMkIh:XbSbVVzmwdA5HURFL2PzMUeFbMkQ","tlshash":"dc33d128f3a2ef22f4d4fab55195e7a372259b2483d71b517c6d70593736090cc8e2c6","first_seen":"2025-09-02T17:23:30.730781Z","last_seen":"2026-05-24T00:35:06.918554Z","times_seen":1381,"resource_available":false,"data":null}},"time_used":1040,"timings":{"blocked":457,"dns":0,"connect":20,"send":0,"wait":63,"receive":56,"ssl":441},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RSPW8dRRSdNRZFUvARBO0KURCEX_brrd-SAjAhEBGSyAlKgVLMzsw6w9u3s8zsh-MqECmKKJCRKICGfec5MQlRBAUdH9YzQkKRQNkCYYm44RcgJGq0zpMMt7j33D1bnHPmXh2Xu8RHSXfOvKnWZJrSI_2eYz97XmZc1cY-dc52nZ5z1D4vszA4aq92TVcvuH7Qcw7brwk2VEc8x3Uc13Ht41KLRK0e2WMh89uR24ucXuD13H6AVf3_3ZQWDLXAq13yOCRvH_kzeRuSTZGNvjomzLBQ-fOvjsqUFkqj4ptvZcNM1RlG-zDRFpJsc_Y3lGkJ-WQOKtucOYCqNjoHiGVL5p68jzjbnMlEXF1_oDROITLE_CDqagqRTiHpFExdgeT3CMA4Tp1GNrpxSumaXnrA0o5tyfw_f0PWLZm__wSy0Z2lVK7aZ1VaFlJlBqtJA7k6hVyZIi-3UaxZkPU2WPE-JP-FOE8dRDa69bqq5NCuhB5C8p1nPN_hbt9JFqIgchYC6tOFWNDBwsBNhOdGfuQNvL2gZDIFNXMojYVSWigTC2VuYcR37MAZBMylfphEnC06AQ0CLmInGniOQyO2iJJ1DtZR5Otg6TqYvoxcv_cF9xeFH7NgTDGUH7WEXPWhyy2Yiw0Mt2AKgoo3qAVBbQhqSlBLgrogqKvmOk-NZ5obPDVl7M6mN5t-M1HFypheV8WKyAioXofmzYbM3zVXwIqHJmuJ4RPVNRoXzYTGvBnnu-SxLmzrZl5jKHZs3-M0YXES8jCMQtb3Q9qnjDEv5NwR1IeRDaSZAzUW1mRLlhdfQi5bcvjDLcR0GybdBpOPgpYuaN2AXmywlt0ZCk5lrIYi7zE1AlcN8mIexSVrnO6SQ5Plc0tbe69-4fdvIdhdMisw3SDXDd6RPxKspNcmy6omG8uqNuTr03khR3KNdhdxtqCFePjWG-JSrTQ_ccys33yZdUQHb58TpjhJMy6zFUO-XJKcC31caSbIdyfMeRGfKc3FpVJnZX7yzCvHT4xyLYyRKpuCypYc-OsDMNmSQ99_vnft_ef-AMsvw-T7Oo0iiPM5pJIgFfvfadzA_GeP9_HYXMOKngctriAbNah0gyptQNN1mPLApMj
13Rd__rSrzxCn85M41fMbcarTj7ucftoLq2s_tOTCb7_CyB2778V-OBiEIgl54nPf83nUd0QU0CgMoqCPwrTy6W_u_RsAAP__mHCzM58EAAA=","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.325Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET 
/ren.gif?sid=H4sIAAAAAAAC_1RSPW8dRRSdNRZFUvARBO0KURCEX_brrd-SAjAhEBGSyAlKgVLMzsw6w9u3s8zsh-MqECmKKJCRKICGfec5MQlRBAUdH9YzQkKRQNkCYYm44RcgJGq0zpMMt7j33D1bnHPmXh2Xu8RHSXfOvKnWZJrSI_2eYz97XmZc1cY-dc52nZ5z1D4vszA4aq92TVcvuH7Qcw7brwk2VEc8x3Uc13Ht41KLRK0e2WMh89uR24ucXuD13H6AVf3_3ZQWDLXAq13yOCRvH_kzeRuSTZGNvjomzLBQ-fOvjsqUFkqj4ptvZcNM1RlG-zDRFpJsc_Y3lGkJ-WQOKtucOYCqNjoHiGVL5p68jzjbnMlEXF1_oDROITLE_CDqagqRTiHpFExdgeT3CMA4Tp1GNrpxSumaXnrA0o5tyfw_f0PWLZm__wSy0Z2lVK7aZ1VaFlJlBqtJA7k6hVyZIi-3UaxZkPU2WPE-JP-FOE8dRDa69bqq5NCuhB5C8p1nPN_hbt9JFqIgchYC6tOFWNDBwsBNhOdGfuQNvL2gZDIFNXMojYVSWigTC2VuYcR37MAZBMylfphEnC06AQ0CLmInGniOQyO2iJJ1DtZR5Otg6TqYvoxcv_cF9xeFH7NgTDGUH7WEXPWhyy2Yiw0Mt2AKgoo3qAVBbQhqSlBLgrogqKvmOk-NZ5obPDVl7M6mN5t-M1HFypheV8WKyAioXofmzYbM3zVXwIqHJmuJ4RPVNRoXzYTGvBnnu-SxLmzrZl5jKHZs3-M0YXES8jCMQtb3Q9qnjDEv5NwR1IeRDaSZAzUW1mRLlhdfQi5bcvjDLcR0GybdBpOPgpYuaN2AXmywlt0ZCk5lrIYi7zE1AlcN8mIexSVrnO6SQ5Plc0tbe69-4fdvIdhdMisw3SDXDd6RPxKspNcmy6omG8uqNuTr03khR3KNdhdxtqCFePjWG-JSrTQ_ccys33yZdUQHb58TpjhJMy6zFUO-XJKcC31caSbIdyfMeRGfKc3FpVJnZX7yzCvHT4xyLYyRKpuCypYc-OsDMNmSQ99_vnft_ef-AMsvw-T7Oo0iiPM5pJIgFfvfadzA_GeP9_HYXMOKngctriAbNah0gyptQNN1mPLApMj13Rd__rSrzxCn85M41fMbcarTj7ucftoLq2s_tOTCb7_CyB2778V-OBiEIgl54nPf83nUd0QU0CgMoqCPwrTy6W_u_RsAAP__mHCzM58EAAA= HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: 
image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: b19cb5b24ef779191601564ab077759e\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse 
proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":228,"timings":{"blocked":132,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RSz48URRitXjYe4OAPjF47xoMYd-hf0zstB3VFlIhAFgwH46G6qnopp6erreofw5xQEkI8mDHxoF7sebOwgoTowaNIZrkYEhPm5B7Yi_4DxsSz6WWS1e_wvu_r14f3Xn1XJ-Uu8VHSnbPvqZFMU3q023Hsly7IjKva2KfP267TcY7ZF2QWBsfsYQu6etX1g45zxH5bsL466jmu47iOa5-QWiRqeHSPhcxvR24ncjqB13G7AYb6_7spLRhqgVe75BlIPn_yj-QDSDZDNvjhuDD9QuWvvDUoU1oojYpvvZ_1M1VnGOyPibaQZFuLv6HMnJCvlqCyrYUDqGqzdYBYzsnSc48QZ1sLmYir64-VxilEhpgfQl3NINIZJJ2BqSuQ_CEBGMfpM8gGN04rXdNLj1nasnOy_M_fkPWcLD96Ftngzloqh_Y5lZaFVJnBMGkghzPIjRnychvFyIKst8GKTyH5b8R5_hCywa13VCX7diV0H5LvvOj5Dne7TrISBZGzElCfrsSC9lZ6biI8N_Ijr-ftBSWTGahZQmkslNJCmVgocwsDvmMHTi9gLvXDJOJs1QloEHARO1HPcxwasVWUrHUwRpGPwdIxmL6MXH_yHfdXhR-zYELRl1_MCbnqQ5f3YC42MNyCKQgq3qAWBLUhqClBLQnqgqCumus8NZ5pbvDUlLG76N6i-81UFRsTel0VGyIjoHoMzZtNmX9sroAVB6ajxPCpaoHGRTOlMW8m-S55ug3bupnX6Isd2_c4TVichDwMo5B1_ZB2KWPMCzl3BPVhZANplkCNhZGck_XV15HLOTny-T3EdBsm3QaTT4GWLmjdgF5sMMru9AWnMlZ9kXeYGoCrBnmxjOKSNUl3yeHp-vm1e3uv_uHv9yHYA7IoMN0g1w0-kvcJNtJr03VVk811VRvy45m8kAM5ou1FnCtoIZ649a64VCvNTx4345tvsJZox9vnhSlO0YzLbMOQ79ck50KfUJoJ8vNJc0HEZ0tzca3UWZmfOvvmiZODXAtjpMpmoHJODv71GZick8N3v9279u7Lf4Lll2HyfZ1GEcT5AaSSIBX732ncwPxnj_fnibmGDb0MWlxBNmhQ6QZV2oCmY5jy4LTI9YPXfv26rW8Qp8vTONXLm3Gq0y_bnH5p4e5eYi3MYOSO3fViP-z1QpGEPPG57_k86joiCmgUBlHQRWHm8oWfHv4bAAD__6ToT5qfBAAA","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.526Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSz48URRitXjYe4OAPjF47xoMYd-hf0zstB3VFlIhAFgwH46G6qnopp6erreofw5xQEkI8mDHxoF7sebOwgoTowaNIZrkYEhPm5B7Yi_4DxsSz6WWS1e_wvu_r14f3Xn1XJ-Uu8VHSnbPvqZFMU3q023Hsly7IjKva2KfP267TcY7ZF2QWBsfsYQu6etX1g45zxH5bsL466jmu47iOa5-QWiRqeHSPhcxvR24ncjqB13G7AYb6_7spLRhqgVe75BlIPn_yj-QDSDZDNvjhuDD9QuWvvDUoU1oojYpvvZ_1M1VnGOyPibaQZFuLv6HMnJCvlqCyrYUDqGqzdYBYzsnSc48QZ1sLmYir64-VxilEhpgfQl3NINIZJJ2BqSuQ_CEBGMfpM8gGN04rXdNLj1nasnOy_M_fkPWcLD96Ftngzloqh_Y5lZaFVJnBMGkghzPIjRnychvFyIKst8GKTyH5b8R5_hCywa13VCX7diV0H5LvvOj5Dne7TrISBZGzElCfrsSC9lZ6biI8N_Ijr-ftBSWTGahZQmkslNJCmVgocwsDvmMHTi9gLvXDJOJs1QloEHARO1HPcxwasVWUrHUwRpGPwdIxmL6MXH_yHfdXhR-zYELRl1_MCbnqQ5f3YC42MNyCKQgq3qAWBLUhqClBLQnqgqCumus8NZ5pbvDUlLG76N6i-81UFRsTel0VGyIjoHoMzZtNmX9sroAVB6ajxPCpaoHGRTOlMW8m-S55ug3bupnX6Isd2_c4TVichDwMo5B1_ZB2KWPMCzl3BPVhZANplkCNhZGck_XV15HLOTny-T3EdBsm3QaTT4GWLmjdgF5sMMru9AWnMlZ9kXeYGoCrBnmxjOKSNUl3yeHp-vm1e3uv_uHv9yHYA7IoMN0g1w0-kvcJNtJr03VVk811VRvy45m8kAM5ou1FnCtoIZ649a64VCvNTx4345tvsJZox9vnhSlO0YzLbMOQ79ck50KfUJoJ8vNJc0HEZ0tzca3UWZmfOvvmiZODXAtjpMpmoHJODv71GZick8N3v9279u7Lf4Lll2HyfZ1GEcT5AaSSIBX732ncwPxnj_fnibmGDb0MWlxBNmhQ6QZV2oCmY5jy4LTI9YPXfv26rW8Qp8vTONXLm3G
q0y_bnH5p4e5eYi3MYOSO3fViP-z1QpGEPPG57_k86joiCmgUBlHQRWHm8oWfHv4bAAD__6ToT5qfBAAA HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 2674918931801aefc0bb298199aec008\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":430,"timings":{"blocked":331,"dns":0,"connect":0,"send":0,"wait":99,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/impr.gif?sid=H4sIAAAAAAAC_1RTTYgdRRetnoRvE_j-FF1k8xAXRpyXqu7q6m6zUMcYDebPSSQLV_U7KV-_rk5X_0xmFQyEgKADblz23DfJkBiCLnQnhDeuDATzXM0isxFcuBVcuJI3GRi9i3vP7dMU5xSnbm40uyiChu9cOOvWbJ7z4_EQD165bAvlOj84d2lA8BCfGFy2BaMnBqvzVrWvk4gO8bHBu1qO3PEQE4wJJoNTttLGrR7fY8GW9zMyzPCQhkMSU1it_rn7JgDPA1DtLvo_WDX7zy_mI7ByCsX465Paj2pXvvbOuMl57Spo1daHxahwXQHjA2iqAEyxtf83OD9D6MsFcMXWvgNw7ebcAQg7QwsvPAVRbO3LBNHefqZU5KALEOoIdO0UdL4Nlk9Buhtg1RMEIBWcOw_F-M45V3X82jOWz9kZOvzH72C7GTr89Hkoxg-Wcrs6uOjyprau8LBqerCrU7ArUyibbajXArDdNsj6E7DqMcIvHoFifO8919rRoNXVCKzaeVkLJROM48WUZGaREhYupkzGi0RIk8lYYU7V3kVZMwXuF6DxATQ2gMYE0JQBjNXOgOKUSsIjZrL5aZRTqrTAWRpizDOZQCPnDtahLtdB5usgq-tQVtdhZL-YIfTnBzOEHv82Q-hmBFXzEPyVne-oChkzgmDCJIu0VizBImGEpbHOlI4TziOSpDE2GKdYJxQzxlWmVMR5ilMcC8JUiBXBhGCpY421YjjKGDYGY50pTHgWszCUMtOGkkhxkgojmNA4MikxLBEUhzQjmEWJpKHGUlAZx0lieIJJSlWc0YgbmhIcZoomiqcKvArA1wha1UOnEXQeQccRdBZBVyPo2v62yn3o-zsq940g-zPcn1E_cfXKBr_t6hVdIODVOlSq37TlVX8DZH1osma8mrh546LuJ1yofqPcRf-bRyS4W16Fkd4ZMBFnmrEs0zRWKlKhIhmPY5NhikmkJXjbg_ULwH0Aa3aGlpM3obQzdOyzhyD4Nvh8G6T9L_DmKPBuQlkK_AowDGvFg5FW3Ao30uVQujEo10NZH4b6WrCR76LnJsuXlh7uBfbM2c9By0dov0BWPZRVDx_bHxCs5Lcmy65Dm8uu8-ib82Vtx3aNz8N8sea1_te99_W1zlXq9Em_fvctOSfm8P4l7eszvFC2WPHoqyWrlK5OuUpq9P1pf1mLC42_stRURVOeufD2qdPjstLeW1dMgdsn-keQdob-_Wu790xf_fQoyPI6-PJApXcIRIkgtwhyffCdix7833ZxgDf8LVipAuD1DSjGPbRVD23eA8_XwTeHJnVZPXrj52ivQOTBROQV2hR5NeftzsBEOpQYpwkjUWo0iaiSJk5pphjHUaSh9jP70rc__RUAAP__jyuA8UQFAAA=","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,
"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.560Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RTTYgdRRetnoRvE_j-FF1k8xAXRpyXqu7q6m6zUMcYDebPSSQLV_U7KV-_rk5X_0xmFQyEgKADblz23DfJkBiCLnQnhDeuDATzXM0isxFcuBVcuJI3GRi9i3vP7dMU5xSnbm40uyiChu9cOOvWbJ7z4_EQD165bAvlOj84d2lA8BCfGFy2BaMnBqvzVrWvk4gO8bHBu1qO3PEQE4wJJoNTttLGrR7fY8GW9zMyzPCQhkMSU1it_rn7JgDPA1DtLvo_WDX7zy_mI7ByCsX465Paj2pXvvbOuMl57Spo1daHxahwXQHjA2iqAEyxtf83OD9D6MsFcMXWvgNw7ebcAQg7QwsvPAVRbO3LBNHefqZU5KALEOoIdO0UdL4Nlk9Buhtg1RMEIBWcOw_F-M45V3X82jOWz9kZOvzH72C7GTr89Hkoxg-Wcrs6uOjyprau8LBqerCrU7ArUyibbajXArDdNsj6E7DqMcIvHoFifO8919rRoNXVCKzaeVkLJROM48WUZGaREhYupkzGi0RIk8lYYU7V3kVZMwXuF6DxATQ2gMYE0JQBjNXOgOKUSsIjZrL5aZRTqrTAWRpizDOZQCPnDtahLtdB5usgq-tQVtdhZL-YIfTnBzOEHv82Q-hmBFXzEPyVne-oChkzgmDCJIu0VizBImGEpbHOlI4TziOSpDE2GKdYJxQzxlWmVMR5ilMcC8JUiBXBhGCpY421YjjKGDYGY50pTHgWszCUMtOGkkhxkgojmNA4MikxLBEUhzQjmEWJpKHGUlAZx0lieIJJSlWc0YgbmhIcZoomiqcKvArA1wha1UOnEXQeQccRdBZBVyPo2v62yn3o-zsq940g-zPcn1E_cfXKBr_t6hVdIODVOlSq37TlVX8DZH1osma8mrh546LuJ1yofqPcRf-bRyS4W16Fkd4ZMBFnmrEs0zRWKlKhIhmPY5NhikmkJXjbg_ULwH0Aa3aGlpM3obQzdOyzhyD4Nvh8G6T9L_DmKPBuQlkK_AowDGvFg5FW3Ao30uVQujEo10NZH4b6WrCR76LnJsuXlh7uBfbM2c9By0dov0BWPZRVDx_bHxCs
5Lcmy65Dm8uu8-ib82Vtx3aNz8N8sea1_te99_W1zlXq9Em_fvctOSfm8P4l7eszvFC2WPHoqyWrlK5OuUpq9P1pf1mLC42_stRURVOeufD2qdPjstLeW1dMgdsn-keQdob-_Wu790xf_fQoyPI6-PJApXcIRIkgtwhyffCdix7833ZxgDf8LVipAuD1DSjGPbRVD23eA8_XwTeHJnVZPXrj52ivQOTBROQV2hR5NeftzsBEOpQYpwkjUWo0iaiSJk5pphjHUaSh9jP70rc__RUAAP__jyuA8UQFAAA= HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.lgpn5CWqMIQOnAcJWQj2BoFLhkbKonZlINzdYlOyigo; uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=2; pdhtkv27=true; uncs27=1; u_pl27881585=1; pdhtkv23=true; uncs23=1; u_pl27881589=1; pdhtkv29=true; uncs29=1; u_pl27881590=1; slec89d6f1c80b1e0bbfc99e7ec523be338e=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 1237563a6a48b9c2c1fb5a47a1f531f4\r\nCache-Control: no-cache, max-age=0, private, 
no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":311,"timings":{"blocked":216,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/uploads/2025/09/604.jpg","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.634Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/uploads/2025/09/604.jpg HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nCookie: _ga_3E31P8KF13=GS2.1.s1763882448$o1$g0$t1763882448$j60$l0$h0; _ga=GA1.1.1454402186.1763882448; dom3ic8zudi28v8lr6fgphwffqoz0j6c=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:48 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 
39696\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 30 Nov 2025 07:20:48 GMT\r\netag: \"9b10-6908fce6-17abe4;;;\"\r\nlast-modified: Mon, 03 Nov 2025 19:05:10 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 0\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=6Uss7w58I6J5KQib0jJKzP92jbDXFejweB66qNi8ZcIvWcw704Emqgw57yQSp2OLQtG4BLKaEtqjbsUIMRBBr3P0mQRpEUBuu8Ge6w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee7f7b9ea56a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for 
WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":39696,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 640x360, components 3","md5":"3b908e96e4e9328b9458a7e551c5b52e","sha1":"660038d0ae5d55f0c200a4aa39107fe92b9bb858","sha256":"f218e73d9fd755b6932707e246e27e1158bc8d2e03f8eac53f2c05f22a19e9b0","sha512":"f55e2c8311cca9487bb2a7b6553f248d312870eca92d5fbef2cf96ce980e1ddd66fafed2a4a70393e483cefe208db3c800ce654605e833b79809dd2a1836224c","ssdeep":"768:eZCtB4R/xeIt+OATrK3kVtg7nlAcegXh/JO3kaHnmSJ+hn:eZsrGl+B/OX5/O3kaHan","tlshash":"0103e26975b01fd118fefd2884b72d62ce7535b26c04c76c8e938352dd70886ed6b2a8","first_seen":"2025-11-23T07:21:30.134078Z","last_seen":"2025-11-23T07:21:30.134078Z","times_seen":1,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RSz48URRitXjYe4OAPjF47xoMYd-hf0zstB3VFlIhAFgwH46G6qnopp6erreofw5xQEkI8mDHxoF7sebOwgoTowaOIs14MiQlzcg_shb_AmHg2vUyy-h3e9339-vDeq-_qpNwlPkq6c_Y9NZJpSo92O4790gWZcVUb-_R523U6zjH7gszC4Jg9bEFXr7p-0HGO2G8L1ldHPcd1HNdx7RNSi0QNj-6xkPntyO1ETifwOm43wFD_fzelBUMt8GqXPAPJ508-Sj6AZDNkgx-OC9MvVP7KW4MypYXSqPjW-1k_U3WGwf6YaAtJtrX4G8rMCflqCSrbWjiAqjZbB4jlnCw99xBxtrWQibi6_lhpnEJkiPkh1NUMIp1B0hmYugLJHxCAcZw-g2xw47TSNb30mKUtOyfL__wNWc_J8sNnkQ3urKVyaJ9TaVlIlRkMkwZyOIPcmCEvt1GMLMh6G6z4FJL_QZznDyEb3HpHVbJvV0L3IfnOi57vcLfrJCtREDkrAfXpSixob6XnJsJzIz_yet5eUDKZgZollMZCKS2UiYUytzDgO3bg9ALmUj9MIs5WnYAGARexE_U8x6ERW0XJWgdjFPkYLB2D6cvI9SffcX9V-DELJhR9-cWckKs-dHkP5mIDwy2YgqDiDWpBUBuCmhLUkqAuCOqquc5T45nmBk9NGbuL7i2630xVsTGh11WxITICqsfQvNmU-cfmClhxYDpKDJ-qFmhcNFMa82aS75Kn27Ctm3mNvtixfY_ThMVJyMMwClnXD2mXMsa8kHNHUB9GNpBmCdRYGMk5WV99HbmckyOf30NMt2HSbTD5FGjpgtYN6MUGo-xOX3AqY9UXeYepAbhqkBfLKC5Zk3SXHJ6un1-7t_fqH_65DcHuk0WB6Qa5bvCR_I1gI702XVc12VxXtSE_nskLOZAj2l7EuYIW4olb74pLtdL85HEzvvkGa4l2vH1emOIUzbjMNgz5fk1yLvQJpZkgP580F0R8tjQX10qdlfmps2-eODnItTBGqmwGKufk4F-fgck5OXz3271r7778CCy_DJPv6zSKIM4PIJUEqdj_TuMG5j97vD9PzDVs6GXQ4gqyQYNKN6jSBjQdw5QHp0Wu77_2-9dtfYM4XZ7GqV7ejFOdftnm9GsLd_cSa-EXGLljd73YD3u9UCQhT3zuez6Puo6IAhqFQRR0UZi5fOGnB_8GAAD__5wDvWafBAAA","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.285Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSz48URRitXjYe4OAPjF47xoMYd-hf0zstB3VFlIhAFgwH46G6qnopp6erreofw5xQEkI8mDHxoF7sebOwgoTowaOIs14MiQlzcg_shb_AmHg2vUyy-h3e9339-vDeq-_qpNwlPkq6c_Y9NZJpSo92O4790gWZcVUb-_R523U6zjH7gszC4Jg9bEFXr7p-0HGO2G8L1ldHPcd1HNdx7RNSi0QNj-6xkPntyO1ETifwOm43wFD_fzelBUMt8GqXPAPJ508-Sj6AZDNkgx-OC9MvVP7KW4MypYXSqPjW-1k_U3WGwf6YaAtJtrX4G8rMCflqCSrbWjiAqjZbB4jlnCw99xBxtrWQibi6_lhpnEJkiPkh1NUMIp1B0hmYugLJHxCAcZw-g2xw47TSNb30mKUtOyfL__wNWc_J8sNnkQ3urKVyaJ9TaVlIlRkMkwZyOIPcmCEvt1GMLMh6G6z4FJL_QZznDyEb3HpHVbJvV0L3IfnOi57vcLfrJCtREDkrAfXpSixob6XnJsJzIz_yet5eUDKZgZollMZCKS2UiYUytzDgO3bg9ALmUj9MIs5WnYAGARexE_U8x6ERW0XJWgdjFPkYLB2D6cvI9SffcX9V-DELJhR9-cWckKs-dHkP5mIDwy2YgqDiDWpBUBuCmhLUkqAuCOqquc5T45nmBk9NGbuL7i2630xVsTGh11WxITICqsfQvNmU-cfmClhxYDpKDJ-qFmhcNFMa82aS75Kn27Ctm3mNvtixfY_ThMVJyMMwClnXD2mXMsa8kHNHUB9GNpBmCdRYGMk5WV99HbmckyOf30NMt2HSbTD5FGjpgtYN6MUGo-xOX3AqY9UXeYepAbhqkBfLKC5Zk3SXHJ6un1-7t_fqH_65DcHuk0WB6Qa5bvCR_I1gI702XVc12VxXtSE_nskLOZAj2l7EuYIW4olb74pLtdL85HEzvvkGa4l2vH1emOIUzbjMNgz5fk1yLvQJpZkgP580F0R8tjQX10qdlfmps2-eODnItTBGqmwGKufk4F-fgck5OXz3271r7778CCy_DJPv6zSKIM4PIJUEqdj_TuMG5j97vD9PzDVs6GXQ4gqyQYNKN6jSBjQdw5QHp0Wu77_2-9dtfYM4XZ7GqV7ejFO
dftnm9GsLd_cSa-EXGLljd73YD3u9UCQhT3zuez6Puo6IAhqFQRR0UZi5fOGnB_8GAAD__5wDvWafBAAA HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 780420448cd03158e341e0d1c6298e2a\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":243,"timings":{"blocked":148,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/impr.gif?sid=H4sIAAAAAAAC_1RTPYhdRRuek-T7ClP4E9H2IhZG3Js5Z-b8mUJdYzQYk7iJpBCL-d2M99wzx5lz7tlsFQyEYCELImh39r2bLIkhKGiphLt2gaDHxi2yjZ2dCBZWcjcLqy_M-zPPFM8z88y19WYHEWjY9rl37KopCnYsHuLBCxdNKW3rB2cuDEI8xMcHF02Z0OODlXlyk5dDQof46OBNJUb2WIRDjEMcDk4ap7RdObaLgqnu5OEwx0MaDcOYwor77-ybADwLQE520FNgZP_4b_p9MGIG5fjrE8qPalu99Ma4KVhtHUzk5nvlqLRtCeP9VrsAdLm5dxqs7xH64gDYcnNPAdjJxlwBcNOjA888BF5u7tEEPrnxiCkvQJXA5WFoJzNQxRYYNgNhr4KRPyMAIeHMWSjHN89Y17LLj1A2R3t06K8_wbQ9OvTwaSjHdxcLszI4b4umNrb0sKI7MCszMMszqJotqFcDMO0WiPpjMPIBws8ehnJ8-y07MaPBRLkRGLn9fIIjrTKuFjhPyQKlKV7IMNMLaYhxTOOMahzvXpTRM2A-gGa-TACNDqCpAhjL7QHFGRUhI4nOpUgxZZRKxXGeRRizXKTQiLmCNairNRDFGgh3BSp3BUbmsx6hv9_tEXrwe4_QNQKuuQf-0va3acRCTKQMaUwTFUaZDONQ5kmaplzELM_TTEaRUFpqrmKFRUS4FmkuMUs1lZopjkNJEkE5TjSJYo2looSLJI9pQsI0pjGNKGU8FzqSMqeMpSzPCcGMxjIjodR5rDIdpSQSGWcyTmKVqDjOMpngnGEWsjzOIqVkmONI8AyDlwH4GsFEdtAqBK1H0DIErUHQ1gjaSXdDFj7y3U1Z-IaHezXaq6Sb2np5nd2w9bIqETC3Bk52G6b6yF8FUR-crmovp3aeGK-7KeOyW6920JNzgwS3KgcjtT3Iuch4wrAOk0iyTKYMy1ARxhVjOpcEvOnA-AO7D7pqerSUvgqV6dHRT-8BZ1vgiy0Q5glgzf-AtVOCMbBL0yjGsFreHSnJDLcjVQ2FHYO0HVT1IagvB-vFDjoyXbqweG_Xrx_82oAS99FegHAdVK6DD82PCJaL69Ml26KNJdt69M3ZqjZjs8rmXj5fs1r9__bb6nJrnTx1wq_dek3MgXl754Ly9WlWSlMue_TVopFSuZPWCYW-P-UvKn6u8ZcWG1c21elzr588Na6c8t7YcgbM9OixPz4BYXp05Icvd_9p_OLnIKor4Kt9nt4i4BWCwiAo1P4-4x34f818v1_312HZBcDqq1COO5i4DiZFB6xYA98cnNaVu__KL2Q3gBfBlBcObfDCzXGzPdBERQLjLE1CkmkVEiqFjjOay4RhQhTUvjfPfffTPwEAAP__vWRB6EUFAAA=","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","
country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.580Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 01:12:52 GMT","end":"Wed, 28 Jan 2026 01:12:51 GMT"},"fingerprint":{"sha1":"67:43:25:0A:D1:7D:95:9F:2D:A3:3F:97:74:7C:0A:AE:D2:D3:98:61","sha256":"09:09:97:4E:79:6D:B5:F4:D7:B7:F6:8F:BE:97:4E:B6:04:9C:25:29:FE:4A:0E:A2:BE:82:F0:6E:CF:8C:74:F0"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RTPYhdRRuek-T7ClP4E9H2IhZG3Js5Z-b8mUJdYzQYk7iJpBCL-d2M99wzx5lz7tlsFQyEYCELImh39r2bLIkhKGiphLt2gaDHxi2yjZ2dCBZWcjcLqy_M-zPPFM8z88y19WYHEWjY9rl37KopCnYsHuLBCxdNKW3rB2cuDEI8xMcHF02Z0OODlXlyk5dDQof46OBNJUb2WIRDjEMcDk4ap7RdObaLgqnu5OEwx0MaDcOYwor77-ybADwLQE520FNgZP_4b_p9MGIG5fjrE8qPalu99Ma4KVhtHUzk5nvlqLRtCeP9VrsAdLm5dxqs7xH64gDYcnNPAdjJxlwBcNOjA888BF5u7tEEPrnxiCkvQJXA5WFoJzNQxRYYNgNhr4KRPyMAIeHMWSjHN89Y17LLj1A2R3t06K8_wbQ9OvTwaSjHdxcLszI4b4umNrb0sKI7MCszMMszqJotqFcDMO0WiPpjMPIBws8ehnJ8-y07MaPBRLkRGLn9fIIjrTKuFjhPyQKlKV7IMNMLaYhxTOOMahzvXpTRM2A-gGa-TACNDqCpAhjL7QHFGRUhI4nOpUgxZZRKxXGeRRizXKTQiLmCNairNRDFGgh3BSp3BUbmsx6hv9_tEXrwe4_QNQKuuQf-0va3acRCTKQMaUwTFUaZDONQ5kmaplzELM_TTEaRUFpqrmKFRUS4FmkuMUs1lZopjkNJEkE5TjSJYo2looSLJI9pQsI0pjGNKGU8FzqSMqeMpSzPCcGMxjIjodR5rDIdpSQSGWcyTmKVqDjOMpngnGEWsjzOIqVkmONI8AyDlwH4GsFEdtAqBK1H0DIErUHQ1gjaSXdDFj7y3U1Z-IaHezXaq6Sb2np5nd2w9bIqETC3Bk52G6b6yF8FUR-crmovp3aeGK-7KeOyW6920JNzgwS3KgcjtT3Iuch4wrAOk0iyTKYMy1ARxhVjOpcEvOnA-AO7D7pqerSUvgqV6dHRT-8BZ1vgiy0Q5glgzf-AtVOCMbBL0yjGsFreHSnJDLcjVQ2FHYO0HVT1IagvB-vFDjoyXbqweG_Xrx_82oAS99FegHAdVK6DD82PCJaL69Ml26KNJdt69M3ZqjZjs8rmXj5fs1r9__bb6nJrn
Tx1wq_dek3MgXl754Ly9WlWSlMue_TVopFSuZPWCYW-P-UvKn6u8ZcWG1c21elzr588Na6c8t7YcgbM9OixPz4BYXp05Icvd_9p_OLnIKor4Kt9nt4i4BWCwiAo1P4-4x34f818v1_312HZBcDqq1COO5i4DiZFB6xYA98cnNaVu__KL2Q3gBfBlBcObfDCzXGzPdBERQLjLE1CkmkVEiqFjjOay4RhQhTUvjfPfffTPwEAAP__vWRB6EUFAAA= HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.jvVjWsdGIg4u5UBsRudlKDPKj9AApJEzlstIcGaR7uI; uid_id2=602fe8be-bb73-4470-80af-710054584f05:1:1; pdhtkv=true; uncs=1; pdhtkv5=true; uncs5=1; u_pl27881586=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: bc82e3d72eb8d2bb470f297204caa974\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; 
includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":335,"timings":{"blocked":237,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat 
Feed","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flushpersist.com/pxf.gif?uuid=230d150f-9490-4a3a-bea8-81fe21939282\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=89d6f1c80b1e0bbfc99e7ec523be338e\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=7","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.639Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flushpersist.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 29 Oct 2025 22:02:45 GMT","end":"Tue, 27 Jan 2026 22:02:44 GMT"},"fingerprint":{"sha1":"F7:0F:08:42:86:24:7C:1B:49:6E:E0:01:4D:B6:85:C3:51:09:E9:4B","sha256":"57:4B:E8:D9:F8:CD:FB:C3:56:16:42:88:21:1B:6A:B3:83:F2:4E:B5:2C:AC:2C:6B:0E:46:6B:15:51:D1:3D:17"}}},"request":{"raw":"GET 
/pxf.gif?uuid=230d150f-9490-4a3a-bea8-81fe21939282\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=89d6f1c80b1e0bbfc99e7ec523be338e\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=7 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\nx-envoy-upstream-service-time: 1\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 69e1eccd63c77d55450b130f50bcd300\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed 
using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":719,"timings":{"blocked":312,"dns":13,"connect":94,"send":0,"wait":95,"receive":0,"ssl":201},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.highperformanceformat.com/547d8fd3bf5eca459123df29d60ae120/invoke.js","fqdn":"www.highperformanceformat.com","domain":"highperformanceformat.com","tld":"com"},"ip":{"addr":"172.240.127.242","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:47.721Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"highperformanceformat.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 10 Oct 2025 22:02:13 GMT","end":"Thu, 08 Jan 2026 22:02:12 GMT"},"fingerprint":{"sha1":"77:A0:FB:EB:5C:7E:49:7D:87:94:CB:C5:AB:72:11:AE:6F:98:F7:81","sha256":"A3:92:D0:6C:23:66:83:18:50:AC:6C:E2:27:1F:6A:82:CE:FC:2B:6B:7E:B7:B3:EA:B9:6A:56:B2:EC:04:AF:40"}}},"request":{"raw":"GET /547d8fd3bf5eca459123df29d60ae120/invoke.js HTTP/1.1\r\nHost: www.highperformanceformat.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:48 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 18553\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi 
TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: www.highperformanceformat.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 9b20f1bacd3a125de1eecd26d85628fb\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":46550,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (46550), with no line 
terminators","md5":"9364cde750df29e39ae425d5a5ca94f3","sha1":"1d3ce32e09cd5c93f8e51f64479c70076f114716","sha256":"1e0be1165f3c18f37ad40f922e4b9aefb5099fc3596095db7405fcbbfaed1c86","sha512":"1790f371874dd3dce499cd33179a6f78632be864d5517fd167609b7ca5195f32315cb418e493387e0420786cdb854fb1e2aaf06cafe0dad699a373d7f0cf0d37","ssdeep":"768:+t9VtXvZi5DpYscQ7V1UQeUMa1Y/D56JCZ/Xst:c9VtXvZYD6s/7V1Pela1Y/oJCZPst","tlshash":"d623e88a3f91f09d83da317722af500bf85e4c966188d444e543b4b4effa36ae536a14","first_seen":"2025-11-23T07:21:30.135877Z","last_seen":"2025-11-23T07:21:30.135877Z","times_seen":1,"resource_available":true,"data":null}},"time_used":768,"timings":{"blocked":281,"dns":10,"connect":94,"send":0,"wait":95,"receive":92,"ssl":190},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pl27982090.effectivegatecpm.com/32dafcbf6d6696c536a5accc26dd0ea3/invoke.js","fqdn":"pl27982090.effectivegatecpm.com","domain":"effectivegatecpm.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:47.722Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"effectivegatecpm.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 07 Oct 2025 14:07:36 GMT","end":"Mon, 05 Jan 2026 14:07:35 GMT"},"fingerprint":{"sha1":"4C:76:9C:94:6C:42:34:72:A0:D2:AB:83:41:4F:50:A7:86:B9:29:0E","sha256":"51:E9:3D:E7:55:E3:07:4E:B1:52:4B:31:49:6B:73:49:75:A8:2B:47:1F:1C:38:82:10:F3:DF:F5:9C:F3:88:6B"}}},"request":{"raw":"GET /32dafcbf6d6696c536a5accc26dd0ea3/invoke.js HTTP/1.1\r\nHost: pl27982090.effectivegatecpm.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:48 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 15779\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi 
PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: pl27982090.effectivegatecpm.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: cf26d3e7fea0621696d4ea3df33b9e89\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":43353,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (43351), with no line 
terminators","md5":"9edab53d2a7668b06fef55b11b684a91","sha1":"2657298608a988c83243c4bc02ce6a8c875fbaa9","sha256":"709423e2f87c2d15f44169282745204d00d8d8134e02f195e2daf5435eb108ad","sha512":"326b6985c690462cc5be4364a862f075f059aa0f05ee9a43d3a86cfebc53b1b64fb53997c5c53de792551ea8a2f97e47659ecf9587bffed3694ef8e5cf79ade6","ssdeep":"768:VyrAlvRkAwtHAfRAAnvfvXdhPA1dcudspAU2S6nXgCUhbLIqhJEOlhPb3cE:VyclvRdLZBnnvXD47dsqXznXgCGb3J","tlshash":"7213b6cabf91f27c0387a43a523fd00bf1279d5664c8d558e262e8651bac31bd63db24","first_seen":"2025-11-23T07:21:30.137469Z","last_seen":"2025-11-23T07:21:30.137469Z","times_seen":1,"resource_available":true,"data":null}},"time_used":847,"timings":{"blocked":320,"dns":51,"connect":94,"send":0,"wait":97,"receive":93,"ssl":188},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"pl27982090.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"pl27982090.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"pl27982090.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"pl27982090.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/themes/retrotube/assets/js/main.js?ver=1.11.0.1763068703","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:47.731Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/themes/retrotube/assets/js/main.js?ver=1.11.0.1763068703 HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:47 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 9383\r\netag: \"8e2a-69164b1f-182a7a;br\"\r\nlast-modified: Thu, 13 Nov 2025 21:18:23 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=q7hpqxJqDgRYzw0tSklgfOwfszP3u0maFdmp6zkdcRsQfPnFasqLC7SuHt3dR6wFvzexwxevjdZ%2FHVbtvhnWlMOFr7weIdoryZwKxQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee7f22de156a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress 
plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":36394,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"62479648a67b52a1f395970c883fdd50","sha1":"fb9b2468304ef42eecd402a8a935877ca61a9f35","sha256":"5e5bf8c461e32fca94beaf4df1cb8064e06d9702184807936464a163ca82e2e0","sha512":"3393648937cf923b85076b9668d4e49cddfaa4c72d44bcf1fc0dd58dd87720dcf6ebab044d60c8c95b2e47924f3ea361ff273267c7015134d768598580860c9f","ssdeep":"384:pnujdbo6UazbyFx4QsbatrEOFxnIfYatSyDZD9Vk2ly6oUv:puRbo7azbyFx5NtrEYnIwsnD19VkW/oO","tlshash":"2af29489f77d2546867a30da6c6f16cd313d1236a842086fbc2896e428e4b3c7396d3d","first_seen":"2025-08-28T06:46:38.264936Z","last_seen":"2026-06-09T23:41:36.612635Z","times_seen":1558,"resource_available":true,"data":null}},"time_used":101,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":100,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/97/fc/e4/97fce4537c0f81f954d679ccebe0c47c.js","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.270Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 00:22:29 GMT","end":"Wed, 28 Jan 2026 00:22:28 GMT"},"fingerprint":{"sha1":"AA:F8:F2:CD:8F:90:E0:34:26:52:5F:28:83:02:25:29:22:DE:BB:79","sha256":"E5:C6:96:84:40:94:64:CB:57:23:67:51:0E:0F:27:85:86:63:98:09:63:88:91:67:0A:01:DC:33:5A:53:16:A6"}}},"request":{"raw":"GET /97/fc/e4/97fce4537c0f81f954d679ccebe0c47c.js HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:48 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3422\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: 
sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: b8416e6df5c50ba831589717a3b68b46\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6461,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6461), with no line 
terminators","md5":"26ce7791f08fb671816e8ac15c21abcc","sha1":"cd121446322214f9ee849fadd1686452f9acf3a9","sha256":"e039e804b7483aec11801d7a306db1603f9c6d5f562340f9a5dbeda753c0224d","sha512":"01af678dd36e5bcfaf95c43fee3d7ac605299c1aca9187b5b330dffac03c16910e373e8ccb57e00c66810daff06b475d561370c05abe8a3beb00f5f9f950c409","ssdeep":"96:PKheeIZELV3rtYwDxXvH9VLgjY6oB/rCKTQ3l35AcOrzYdOtkiz9u5Z4tTpfn7:Pbj6VbjxXvw8zTCKTvlSQpfn7","tlshash":"b9d185883e81f0d513a3b5779a3f6549b3ad6814549fd804e107a0d03e2ce2ae97b6a5","first_seen":"2025-10-22T08:34:06.793976Z","last_seen":"2025-12-01T10:40:04.095127Z","times_seen":3160,"resource_available":true,"data":null}},"time_used":725,"timings":{"blocked":308,"dns":15,"connect":92,"send":0,"wait":109,"receive":0,"ssl":197},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/uploads/2025/09/605.jpg","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.505Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/uploads/2025/09/605.jpg HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nCookie: _ga_3E31P8KF13=GS2.1.s1763882448$o1$g0$t1763882448$j60$l0$h0; _ga=GA1.1.1454402186.1763882448; dom3ic8zudi28v8lr6fgphwffqoz0j6c=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":10,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/a1/b9/23/a1b923bbe5846975f178468a56c44507/1756662048.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.520Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's 
Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/a1/b9/23/a1b923bbe5846975f178468a56c44507/1756662048.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 40880\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 31 Aug 2025 17:40:48 GMT\r\netag: \"68b48920-9fb0\"\r\nexpires: Tue, 25 Nov 2025 07:20:49 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":40880,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:30 15:30:24], progressive, 
precision 8, 320x240, components 3","md5":"0ad45ff4319349ed2dcd5676103824ef","sha1":"63e168f607a393499e2494cf135403cf8bf55939","sha256":"ce5dbe9393b069f813258f03db62338e64f03dc550fde2e549ce1f435b335192","sha512":"b41e0a88c3e70d29a6cad28878cba25d7b5c631842c8b337475a66a49fc8d38a0581913e364089f3395a61f71dff54c6784a015baf8f0ba30a58020e732a9719","ssdeep":"768:Q0ixim0iM7Yy2nBu1/5h6bTM/k+w4zTXAvVUO6pFq5:Q0+0V7wBu1/5AQg4zTXAe7e5","tlshash":"4303bf55fb62cc62e8e06a3c10f1e717b2319658ab730b953d4e728b3790b564c8d747","first_seen":"2025-09-02T17:23:30.688077Z","last_seen":"2026-05-25T10:53:19.641674Z","times_seen":1333,"resource_available":false,"data":null}},"time_used":326,"timings":{"blocked":155,"dns":0,"connect":0,"send":0,"wait":88,"receive":83,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/9b/d5/0f/9bd50fd5d4a02ba4e5d1f1bec6dca9f1/1708270587.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.555Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET 
/cti/9b/d5/0f/9bd50fd5d4a02ba4e5d1f1bec6dca9f1/1708270587.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 53239\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 18 Feb 2024 15:36:35 GMT\r\netag: \"65d22403-cff7\"\r\nexpires: Tue, 25 Nov 2025 07:20:49 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":53239,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 24.5 (Windows), datetime=2024:02:18 15:43:07], progressive, precision 8, 468x60, components 
3","md5":"034d0320b7ff0d6408e58a6012d2741c","sha1":"fd0e4bf86e361ea981e81b9a227e0bcf2413a4fc","sha256":"6a90dd44b2122e51af67ea778ceafcc1eee91bad6048c19d2de39f0399064cac","sha512":"79921634af5ccddbd67ad0285f62ae9ae88a86b2d15228c5be3626a35525b7dbcb8f479911b28b19f8db6d975ee06d4bc28a2eccaf4233de9bb360145a715533","ssdeep":"768:GifPsRGucjiIuw0lF4lmF8sbY79gn5GASX7DQ7C8R8N9n:9PsR6zrlK8sbyCn5G7/QG8Rk9n","tlshash":"b433d124ab66ae82f0e44171b8a1d3d65360cf85217357da7d2f3551b7383a1ebbc143","first_seen":"2024-02-24T12:57:25Z","last_seen":"2026-06-07T04:03:23.649544Z","times_seen":380,"resource_available":false,"data":null}},"time_used":254,"timings":{"blocked":119,"dns":0,"connect":0,"send":0,"wait":89,"receive":46,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pl27982080.effectivegatecpm.com/8e/2c/5d/8e2c5d0a9e14a08bcedae6c1b8957fa4.js","fqdn":"pl27982080.effectivegatecpm.com","domain":"effectivegatecpm.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:47.735Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"effectivegatecpm.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 07 Oct 2025 14:07:36 GMT","end":"Mon, 05 Jan 2026 14:07:35 GMT"},"fingerprint":{"sha1":"4C:76:9C:94:6C:42:34:72:A0:D2:AB:83:41:4F:50:A7:86:B9:29:0E","sha256":"51:E9:3D:E7:55:E3:07:4E:B1:52:4B:31:49:6B:73:49:75:A8:2B:47:1F:1C:38:82:10:F3:DF:F5:9C:F3:88:6B"}}},"request":{"raw":"GET /8e/2c/5d/8e2c5d0a9e14a08bcedae6c1b8957fa4.js HTTP/1.1\r\nHost: 
pl27982080.effectivegatecpm.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:48 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 38150\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 4\r\nHost: pl27982080.effectivegatecpm.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 8bf9e96326d09ec3ef30e5e03b30560f\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":106568,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"fc8837bd93041a651dbefd1fd748584e","sha1":"33cc661e09d8c9b802713b3c8f183b0ace655749","sha256":"8c997e4859e8630ec0a195e1149faa694f587873a0e074a3f0ad21d214751928","sha512":"c0b4603b6bbd15ef7a7068f6d6b9de240ec6cdeb54efe678996512889dcfb8930d0d912c31e5d97982350d8bbd277c734d47a64c68a855eaa560fade94248f57","ssdeep":"1536:qd1IPAcpiczPP6RdHf8741ia98IWRatmD:Scxz36RS/RatE","tlshash":"18a3d8c87f51f47c03d77476223f610af06a9f00659ce598e013ecfa296871be479aa9","first_seen":"2025-11-23T07:21:30.141235Z","last_seen":"2025-11-23T07:21:30.141235Z","times_seen":1,"resource_available":true,"data":null}},"time_used":527,"timings":{"blocked":-1,"dns":48,"connect":92,"send":0,"wait":102,"receive":95,"ssl":190},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"pl27982080.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"pl27982080.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"pl27982080.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"pl27982080.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/watch.93105016530.js?key=50865c8e9f805c36d66a52e62e8e8f47\u0026kw=%5B%22official1auraa%22%2C%22archives%22%2C%22-%22%2C%22kedai%22%2C%22bokep%22%5D\u0026refer=https%3A%2F%2Fkedaibokep.com%2Ftag%2Fofficial1auraa%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.440Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 00:22:29 GMT","end":"Wed, 28 Jan 2026 00:22:28 
GMT"},"fingerprint":{"sha1":"AA:F8:F2:CD:8F:90:E0:34:26:52:5F:28:83:02:25:29:22:DE:BB:79","sha256":"E5:C6:96:84:40:94:64:CB:57:23:67:51:0E:0F:27:85:86:63:98:09:63:88:91:67:0A:01:DC:33:5A:53:16:A6"}}},"request":{"raw":"GET /watch.93105016530.js?key=50865c8e9f805c36d66a52e62e8e8f47\u0026kw=%5B%22official1auraa%22%2C%22archives%22%2C%22-%22%2C%22kedai%22%2C%22bokep%22%5D\u0026refer=https%3A%2F%2Fkedaibokep.com%2Ftag%2Fofficial1auraa%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1 HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://kedaibokep.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:48 GMT\r\nContent-Type: text/html\r\nContent-Length: 0\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://kedaibokep.com\r\naccess-control-allow-credentials: true\r\nlocation: 
https://sourshaped.com/watch.93105016530.js?dev=e\u0026key=50865c8e9f805c36d66a52e62e8e8f47\u0026kw=%5B%22official1auraa%22%2C%22archives%22%2C%22-%22%2C%22kedai%22%2C%22bokep%22%5D\u0026pst=1763882508\u0026rb=\u0026refer=https%3A%2F%2Fkedaibokep.com%2Ftag%2Fofficial1auraa%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=fe927f4940ed9da32cc05a1ec8d68d387f50caa78c23159134107cd22bb7fd0f8d4cfbcb8cade1843f2c2b43670b407235bf6b8044d71772b9156e9859a313befea7b9c584014eeb534319bbf44495fd149e4c27412f74e8164fcd\u0026tz=0\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\r\nset-cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzg4MTU4OCwiayI6IjUwODY1YzhlOWY4MDVjMzZkNjZhNTJlNjJlOGU4ZjQ3Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1Mzg4MDk2LCJwaWQiOjI3MjM1MjAsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6MzIsInB0Ijo0LCJwayI6InUyYWRpeWd6eiIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6IkJsaXggU29sdXRpb25zIn0sInhmIjoiIiwiaXhmIjpmYWxzZSwiaWd4ZiI6ZmFsc2UsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9rZWRhaWJva2VwLmNvbS90YWcvb2ZmaWNpYWwxYXVyYWEvIiwiYXIiOltdfX0.t_z8yUpmkqNoAlJE99UrqsWP45d2G3ulpbUyB0hByvY; expires=Sun, 23 Nov 2025 07:21:48 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 2\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 2c4ed2f704d32917117596286848ecc5\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and 
service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4617,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":726,"timings":{"blocked":319,"dns":23,"connect":94,"send":0,"wait":97,"receive":0,"ssl":191},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=910\u0026rd=910\u0026fd=572\u0026bv=25.11.7853\u0026tmpl=70","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.582Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 00:22:29 GMT","end":"Wed, 28 Jan 2026 00:22:28 GMT"},"fingerprint":{"sha1":"AA:F8:F2:CD:8F:90:E0:34:26:52:5F:28:83:02:25:29:22:DE:BB:79","sha256":"E5:C6:96:84:40:94:64:CB:57:23:67:51:0E:0F:27:85:86:63:98:09:63:88:91:67:0A:01:DC:33:5A:53:16:A6"}}},"request":{"raw":"GET /pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=910\u0026rd=910\u0026fd=572\u0026bv=25.11.7853\u0026tmpl=70 HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 
OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:48 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":654,"timings":{"blocked":266,"dns":1,"connect":94,"send":0,"wait":96,"receive":3,"ssl":188},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 
DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/uploads/2025/09/605.jpg","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.617Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/uploads/2025/09/605.jpg HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nCookie: _ga_3E31P8KF13=GS2.1.s1763882448$o1$g0$t1763882448$j60$l0$h0; _ga=GA1.1.1454402186.1763882448; dom3ic8zudi28v8lr6fgphwffqoz0j6c=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:48 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 36924\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 30 Nov 2025 07:20:48 GMT\r\netag: \"903c-6908fce7-17b455;;;\"\r\nlast-modified: Mon, 03 Nov 2025 19:05:11 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 0\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CRxQctK8ALXwgh3MGEIWn89Za3sc4J8b8pqK2gv%2FUjX9RaCfx47IDuvcayCkoT5u0MYvitkTomMSokqH6nDK6%2FeQOlFHr6RoC7Zkdg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee7f7b9e456a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed 
Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":36924,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 640x360, components 3","md5":"4cf06cf00864959a0b39cb5111de9154","sha1":"2613f06515e043de197375db43ed9a9bfda533c7","sha256":"0deb876fd96e3155e8c23fa122035f8692b9ab4e5b1e5ba6e5e0864d7516b884","sha512":"c5b3219e704e4167e08329ad66f0811c1ef701a0d9fbbeb0a10f65371184fe37f100eedd01bb7fd4d866285737218b8167d399c94f2fd4fdf67c60886c48df17","ssdeep":"768:JxAMN8L6JGpxWgFTnclOlCX6mgG39G2OUHXiD/OoOMZatlicDEEX0:JxAMeWwG8D82CX/gGzZm/7W7k","tlshash":"29f2022b38a6f43a7d74f8d2d4e13a81d5a2e5b101c8414db7f284c70b595b1674bbe8","first_seen":"2025-11-23T07:21:30.142686Z","last_seen":"2025-11-23T07:21:30.142686Z","times_seen":1,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/watch.93105016530.js?dev=e\u0026key=50865c8e9f805c36d66a52e62e8e8f47\u0026kw=%5B%22official1auraa%22%2C%22archives%22%2C%22-%22%2C%22kedai%22%2C%22bokep%22%5D\u0026pst=1763882508\u0026rb=\u0026refer=https%3A%2F%2Fkedaibokep.com%2Ftag%2Fofficial1auraa%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=fe927f4940ed9da32cc05a1ec8d68d387f50caa78c23159134107cd22bb7fd0f8d4cfbcb8cade1843f2c2b43670b407235bf6b8044d71772b9156e9859a313befea7b9c584014eeb534319bbf44495fd149e4c27412f74e8164fcd\u0026tz=0\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.922Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 00:22:29 GMT","end":"Wed, 28 Jan 2026 00:22:28 GMT"},"fingerprint":{"sha1":"AA:F8:F2:CD:8F:90:E0:34:26:52:5F:28:83:02:25:29:22:DE:BB:79","sha256":"E5:C6:96:84:40:94:64:CB:57:23:67:51:0E:0F:27:85:86:63:98:09:63:88:91:67:0A:01:DC:33:5A:53:16:A6"}}},"request":{"raw":"GET 
/watch.93105016530.js?dev=e\u0026key=50865c8e9f805c36d66a52e62e8e8f47\u0026kw=%5B%22official1auraa%22%2C%22archives%22%2C%22-%22%2C%22kedai%22%2C%22bokep%22%5D\u0026pst=1763882508\u0026rb=\u0026refer=https%3A%2F%2Fkedaibokep.com%2Ftag%2Fofficial1auraa%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=fe927f4940ed9da32cc05a1ec8d68d387f50caa78c23159134107cd22bb7fd0f8d4cfbcb8cade1843f2c2b43670b407235bf6b8044d71772b9156e9859a313befea7b9c584014eeb534319bbf44495fd149e4c27412f74e8164fcd\u0026tz=0\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1 HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://kedaibokep.com\r\nReferer: https://kedaibokep.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.jvVjWsdGIg4u5UBsRudlKDPKj9AApJEzlstIcGaR7uI\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: text/html\r\nContent-Length: 3278\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://kedaibokep.com\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; expires=Sun, 30 Nov 2025 07:20:48 GMT; path=/; secure; 
SameSite=None\npdhtkv=true; expires=Mon, 24 Nov 2025 07:20:48 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Mon, 24 Nov 2025 07:20:48 GMT; path=/; secure; SameSite=None\npdhtkv32=true; expires=Mon, 24 Nov 2025 07:20:48 GMT; path=/; secure; SameSite=None\nuncs32=1; expires=Mon, 24 Nov 2025 07:20:48 GMT; path=/; secure; SameSite=None\nu_pl27881588=1; expires=Mon, 24 Nov 2025 07:20:48 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 36\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 338568b8585974b83729e25bac462738\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4617,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with very long lines 
(3741)","md5":"029995e5c8bb5bf597c01299b8f63b47","sha1":"522fff36d7b6611bd4abea3e012130080b8dde6b","sha256":"c0bc3947e999a0b1de9380175e00c379631de1f75312c428a8a989fc74372dba","sha512":"faf108f87e0095db2c5f9b5486a336b1c7f17827438e3234b46cf2c143616520fff8d5e9a7af4c0ac89241355992ae3c34bf62eba5f0a4b4978bf9f160a1f359","ssdeep":"96:Nozy/o5sCGLn9XiwsKqqj/eDk/EvW6a75l7f+F1ZD2CfMEDaH:aznslLnIvKX/akMvW6ar+/V2CkCaH","tlshash":"ca914b717ce9aa35a897a05b133be55839a7411b2d44dc03bd1cd6031b90f624ffed94","first_seen":"2025-11-23T07:21:30.144286Z","last_seen":"2025-11-23T07:21:30.144286Z","times_seen":1,"resource_available":false,"data":null}},"time_used":133,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":133,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ntv.json?key=32dafcbf6d6696c536a5accc26dd0ea3\u0026vstc=4\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\u0026custom=%7B%22d37e3bc4%22%3A%22a%22%7D\u0026rb=","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.983Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ntv.json?key=32dafcbf6d6696c536a5accc26dd0ea3\u0026vstc=4\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\u0026custom=%7B%22d37e3bc4%22%3A%22a%22%7D\u0026rb= HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://kedaibokep.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: application/json\r\nContent-Length: 12414\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: 
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://kedaibokep.com\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; expires=Sun, 30 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\npdhtkv49=true; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\nuncs49=1; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\nu_pl27881591=1; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 14\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: d16fd711e93a736924126405da395f0a\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs 
browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16238,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"948c9acf75043ddd5aa42be60727d28e","sha1":"71eaaa064e63a256f657741817c8804f3739c05d","sha256":"e54c2c38c04ab1f1f1ad461d263eef21dcb0cc28c3ac854abe500ae9bf71781c","sha512":"582acf8a3ab081515c2dc267595a4a0d7e36de2ad6b70561901f834ee4977cfaea8a4a887f72aa08e1042f97b6fe5859cb6b35ec21106ba870ad9132a285c1dc","ssdeep":"384:rOT8MGzg8osww5Sr0pMIBDxVEYe55fAeU8CtF5J2HSi5RTGV/Ri:rOp8ow5LprPEY85fAgObJ2HSi5RK9Ri","tlshash":"2e72a0bd566152b70fd4635b1c8b3d791e46a01ff6483f89c13c72a43d2c2876ab5a40","first_seen":"2025-11-23T07:21:30.145853Z","last_seen":"2025-11-23T07:21:30.145853Z","times_seen":1,"resource_available":false,"data":null}},"time_used":311,"timings":{"blocked":200,"dns":0,"connect":0,"send":0,"wait":110,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RSv28cRRidNRZFUvAjCNoVoiAIX_bXrW9JAZgQiAhJ5ASlQBSzM7POcHs7y8z-uFwViBRFFOiQKICGvXdOTEIUQUFJMGcaFAkpV-EibvgLEBI1Wuckw1e87_v2bfHem-_apNwjPkq6e-5dNZJpSo91O4794kWZcVUb-8wF23U6znH7oszC4Lg9bEFXr7h-0HGO2m8J1lfHPMd1HNdx7ZNSi0QNj-2zkPmdyO1ETifwOm43wFD_fzelBUMt8GqPPA3J50_8mbwPyWbIBt-fEKZfqPzlNwdlSgulUfGt97J-puoMg4Mx0RaSbGvxN5SZE_LlElS2tXAAVW22DhDLOVl69iHibGshE3F145HSOIXIEPPDqKsZRDqDpDMwdRWSPyAA4zhzFtng5hmla3r5EUtbdk6W__kbsp6T5YfPIBvcXUvl0D6v0rKQKjMYJg3kcAa5MUNe7qAYWZD1DljxCST_nTjPHUY2uP22qmTfroTuQ_LdFzzf4W7XSVaiIHJWAurTlVjQ3krPTYTnRn7k9bz9oGQyAzVLKI2FUlooEwtlbmHAd-3A6QXMpX6YRJytOgENAi5iJ-p5jkMjtoqStQ7GKPIxWDoG01eQ64-_5f6q8GMWTCj68vM5Idd86HIb5lIDwy2YgqDiDWpBUBuCmhLUkqAuCOqqucFT45nmJk9NGbuL7i2630xVsTGhN1SxITICqsfQvNmU-UfmKljx2HSUGD5VLdC4aKY05s0k3yNPtWFbt_IafbFr-x6nCYuTkIdhFLKuH9IuZYx5IeeOoD6MbCDNEqixMJJzsr76GnI5J0c_20ZMd2DSHTD5JGjpgtYN6KUGo-xuX3AqY9UXeYepAbhqkBfLKC5bk3SPHJmuX1jb3n_1D_64B8Huk0WB6Qa5bvCh_JVgI70-XVc12VxXtSE_nM0LOZAj2l7E-YIW4vHb74jLtdL81AkzvvU6a4l2vHNBmOI0zbjMNgz5bk1yLvRJpZkgP50yF0V8rjSX1kqdlfnpc2-cPDXItTBGqmwGKufk0F-fgsk5OXLvm_1r7760B5ZfgckPdBpFEOdLSCVBKg6-07iB-c8eH8wTcx0behm0uIps0KDSDaq0AU3HMOWhaZHr-6_-9lVbXyNOl6dxqpc341SnX7Q5_bIfVgs7LfwMI3ftrhf7Ya8XiiTkic99z-dR1xFRQKMwiIIuCjOXz__44N8AAAD__wpxYYGfBAAA","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.282Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSv28cRRidNRZFUvAjCNoVoiAIX_bXrW9JAZgQiAhJ5ASlQBSzM7POcHs7y8z-uFwViBRFFOiQKICGvXdOTEIUQUFJMGcaFAkpV-EibvgLEBI1Wuckw1e87_v2bfHem-_apNwjPkq6e-5dNZJpSo91O4794kWZcVUb-8wF23U6znH7oszC4Lg9bEFXr7h-0HGO2m8J1lfHPMd1HNdx7ZNSi0QNj-2zkPmdyO1ETifwOm43wFD_fzelBUMt8GqPPA3J50_8mbwPyWbIBt-fEKZfqPzlNwdlSgulUfGt97J-puoMg4Mx0RaSbGvxN5SZE_LlElS2tXAAVW22DhDLOVl69iHibGshE3F145HSOIXIEPPDqKsZRDqDpDMwdRWSPyAA4zhzFtng5hmla3r5EUtbdk6W__kbsp6T5YfPIBvcXUvl0D6v0rKQKjMYJg3kcAa5MUNe7qAYWZD1DljxCST_nTjPHUY2uP22qmTfroTuQ_LdFzzf4W7XSVaiIHJWAurTlVjQ3krPTYTnRn7k9bz9oGQyAzVLKI2FUlooEwtlbmHAd-3A6QXMpX6YRJytOgENAi5iJ-p5jkMjtoqStQ7GKPIxWDoG01eQ64-_5f6q8GMWTCj68vM5Idd86HIb5lIDwy2YgqDiDWpBUBuCmhLUkqAuCOqqucFT45nmJk9NGbuL7i2630xVsTGhN1SxITICqsfQvNmU-UfmKljx2HSUGD5VLdC4aKY05s0k3yNPtWFbt_IafbFr-x6nCYuTkIdhFLKuH9IuZYx5IeeOoD6MbCDNEqixMJJzsr76GnI5J0c_20ZMd2DSHTD5JGjpgtYN6KUGo-xuX3AqY9UXeYepAbhqkBfLKC5bk3SPHJmuX1jb3n_1D_64B8Huk0WB6Qa5bvCh_JVgI70-XVc12VxXtSE_nM0LOZAj2l7E-YIW4vHb74jLtdL81AkzvvU6a4l2vHNBmOI0zbjMNgz5bk1yLvRJpZkgP50yF0V8rjSX1kqdlfnpc2-cPDXItTBGqmwGKufk0F-fgsk5OXLvm_1r7760B5ZfgckPdBpFEOdLSCVBKg6-07iB-c8eH8wTcx0behm0uIps0KDSDaq0AU3HMOWhaZHr-6_-9lVbXyNOl6dxqpc341S
nX7Q5_bIfVgs7LfwMI3ftrhf7Ya8XiiTkic99z-dR1xFRQKMwiIIuCjOXz__44N8AAAD__wpxYYGfBAAA HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 7ab6b5716cd50925c456db9e90a80b53\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":210,"timings":{"blocked":112,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/ren.gif?sid=H4sIAAAAAAAC_1RTz48URRSuXjjBwV9ETyYd9ADRHfrXzHRLDLgiSkQgC4aDB62uqt4tp6erreofy56IRMLJLDcPHnq-GXYFCdGDR-Nm1tsmJowHswc2JvwDJhrPZmYnIb7De6_e91L5vlevbg_KfeKjpHtXPlLrMk3pqXbLsU9clxlXtbEvXbNdp-Wctq_LrBOcttemTldvuX7Qck7a7wvWU6c8x3Uc13Ht81KLRK2dmqGQ-cPIbUVOK_BabjvAmv7_2ZQLMNQCr_bJi5B88tzT5BNINkbW_-GcML1C5W--1y9TWiiNim99nPUyVWfoP0sTbSHJtubdUGZCyDcLUNnWXAFUNZoqQCwnZOHlJ4izrTlNxNW9A6ZxCpEh5kdRV2OIdAxJx2DqFiR_TADGcekysv7mJaVreuMApVN0Qg7_-zdkPSGHnxxD1n-0lMo1-6pKy0KqzGAtaSDXxpArY-TlDop1C7LeASu-hOS_EeeVo8j6Dz5QlezZldA9SL73uuc73G07yWIURM5iQH26GAsaLoZuIjw38iMv9GaDkskY1CygNBZKaaFMLJS5hT7fswMnDJhL_U4ScdZ1AhoEXMROFHqOQyPWRcmmCjZQ5Btg6QaY_mqzzJjxugP3YflpnnrdMHTbYXvgbuZ8tehVo0KXYjTtGbjfHZS87qyIXN9ET96dEHLbhy63YVYbGG7BFAQVb1ALgtoQ1JSglgR1QVBXzT2eGs80mzw1ZezOozePfjNUxcqA3lPFisgIqN6A5s1I5l-YW2DFoeF6YvhQTR2Ni2ZIY94M8n3ywvRprPt5hZ7Ys8OIdxKXhU7sCieOExZFoitY2_Nj4fuhgJENpFkANRbW5YQsd88ilxNy8uttxHQHJt0Bk8-Dlq-C1g3oaoP17FFPcCpj1RN5i6k-uGqQF4dR3LAG6T55abh8bWl7tiOfnTsOwXbJ3MB0g1w3-Fz-SrCS3hkuq5qMllVtyI-X80L25Tqd7s_VghbCevChuFErzS-cMxv332FTYJo-vCZMcZFmXGYrhny_JDkX-rzSTJCfL5jrIr5SmtWlUmdlfvHKu-cv9HMtjJEqG4PKCTny7RtgckKOnTgz-xvtf_4Ey2_C5Ltnnvozg1EEcW4hlQSpeMafxg2M2D177LU_jrydjxCL3V_-OsAG5g5WtAVa3ELWb1DpBlXagKYbMOWhYZHr3TO_z--PU2sYp9oaxalO7x7Mycg9u-3FficMOyLp8MTnvufzqO2IKKBRJ4iCNgozkcd_
evxfAAAA___YpDR6vgQAAA==","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.487Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET 
/ren.gif?sid=H4sIAAAAAAAC_1RTz48URRSuXjjBwV9ETyYd9ADRHfrXzHRLDLgiSkQgC4aDB62uqt4tp6erreofy56IRMLJLDcPHnq-GXYFCdGDR-Nm1tsmJowHswc2JvwDJhrPZmYnIb7De6_e91L5vlevbg_KfeKjpHtXPlLrMk3pqXbLsU9clxlXtbEvXbNdp-Wctq_LrBOcttemTldvuX7Qck7a7wvWU6c8x3Uc13Ht81KLRK2dmqGQ-cPIbUVOK_BabjvAmv7_2ZQLMNQCr_bJi5B88tzT5BNINkbW_-GcML1C5W--1y9TWiiNim99nPUyVWfoP0sTbSHJtubdUGZCyDcLUNnWXAFUNZoqQCwnZOHlJ4izrTlNxNW9A6ZxCpEh5kdRV2OIdAxJx2DqFiR_TADGcekysv7mJaVreuMApVN0Qg7_-zdkPSGHnxxD1n-0lMo1-6pKy0KqzGAtaSDXxpArY-TlDop1C7LeASu-hOS_EeeVo8j6Dz5QlezZldA9SL73uuc73G07yWIURM5iQH26GAsaLoZuIjw38iMv9GaDkskY1CygNBZKaaFMLJS5hT7fswMnDJhL_U4ScdZ1AhoEXMROFHqOQyPWRcmmCjZQ5Btg6QaY_mqzzJjxugP3YflpnnrdMHTbYXvgbuZ8tehVo0KXYjTtGbjfHZS87qyIXN9ET96dEHLbhy63YVYbGG7BFAQVb1ALgtoQ1JSglgR1QVBXzT2eGs80mzw1ZezOozePfjNUxcqA3lPFisgIqN6A5s1I5l-YW2DFoeF6YvhQTR2Ni2ZIY94M8n3ywvRprPt5hZ7Ys8OIdxKXhU7sCieOExZFoitY2_Nj4fuhgJENpFkANRbW5YQsd88ilxNy8uttxHQHJt0Bk8-Dlq-C1g3oaoP17FFPcCpj1RN5i6k-uGqQF4dR3LAG6T55abh8bWl7tiOfnTsOwXbJ3MB0g1w3-Fz-SrCS3hkuq5qMllVtyI-X80L25Tqd7s_VghbCevChuFErzS-cMxv332FTYJo-vCZMcZFmXGYrhny_JDkX-rzSTJCfL5jrIr5SmtWlUmdlfvHKu-cv9HMtjJEqG4PKCTny7RtgckKOnTgz-xvtf_4Ey2_C5Ltnnvozg1EEcW4hlQSpeMafxg2M2D177LU_jrydjxCL3V_-OsAG5g5WtAVa3ELWb1DpBlXagKYbMOWhYZHr3TO_z--PU2sYp9oaxalO7x7Mycg9u-3FficMOyLp8MTnvufzqO2IKKBRJ4iCNgozkcd_evxfAAAA___YpDR6vgQAAA== HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.lgpn5CWqMIQOnAcJWQj2BoFLhkbKonZlINzdYlOyigo; uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=2; pdhtkv27=true; uncs27=1; u_pl27881585=1; pdhtkv23=true; uncs23=1; u_pl27881589=1; pdhtkv29=true; uncs29=1; u_pl27881590=1; 
slec89d6f1c80b1e0bbfc99e7ec523be338e=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 5\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 3416b47c356790084e6435388a5ba950\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":101,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":101,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/uploads/2025/11/1306.jpg","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.655Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/1306.jpg HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 
1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nCookie: _ga_3E31P8KF13=GS2.1.s1763882448$o1$g0$t1763882448$j60$l0$h0; _ga=GA1.1.1454402186.1763882448; dom3ic8zudi28v8lr6fgphwffqoz0j6c=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:48 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 17413\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 30 Nov 2025 07:20:48 GMT\r\netag: \"4405-6918130c-9ff0;;;\"\r\nlast-modified: Sat, 15 Nov 2025 05:43:40 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jtMjLPn9Hmv%2BChP%2BvhW%2FoztaL6JFsRT27kXrX2kWzdb2N7WIdhVkNOC6DjGh4uB7IUlXCnf5EimU51oeukBU06WM68CrfCUzk35TPA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee7f7ca0e56a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for 
WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":17413,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 640x360, components 3","md5":"f4e9a25b58eeb01db06eb3294b747d7f","sha1":"c904843cac4315e95298df7228695ddfd29d0e19","sha256":"06f9698e3b6cb762cbcbe248b99d698eee204ca21d86be844ee4562c3402ac80","sha512":"a43042338aef3a5cd490a13107aa1049def747cafd201d82d4932b46988f0bddeeeb9421f03cfc8978b6ea18998c708784655ac4b3776b3029bff219fe84997c","ssdeep":"384:ZiW4zzktO5QLl4Y8JGkOL4YkSGWAr19R5iPfR08pKMomWpw6tl7dhpPL1:MJzzktO5QpF8JGkOLBiXOf1WpTtl5PL1","tlshash":"2672b018787f52638376f2f31cfa1916c3f6ca50aa16504cf4699c734f28d52669a18f","first_seen":"2025-11-21T02:12:55.238441Z","last_seen":"2025-11-23T07:21:30.147413Z","times_seen":2,"resource_available":false,"data":null}},"time_used":133,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":103,"receive":30,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/bb/5e/7a/bb5e7a409e9493480d272715857de006/1756661819.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.246Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/bb/5e/7a/bb5e7a409e9493480d272715857de006/1756661819.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 81333\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 31 Aug 2025 17:36:59 GMT\r\netag: 
\"68b4883b-13db5\"\r\nexpires: Tue, 25 Nov 2025 07:20:49 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":81333,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:30 15:01:08], progressive, precision 8, 320x240, components 3","md5":"37216fc5eeed9ad5265913b11e7cdb2a","sha1":"b503474df8033aa8618961be68df64198b8def1c","sha256":"f72be2709677c7315d46e09e382db81a10d42f9da63e4b0fcebcfb91cc920c19","sha512":"80ab464711d9b4b0f57182872eff6ae25289b870fdec7c85295f60c742829b0955db4dccbae1bf875003751cbc17d6f2c7114ee7c80ef7e9f3d576ba7e2bf0a2","ssdeep":"1536:bA9iNcqwL9iNcqwhOW5r8XCOMs8dTDMbw0DGeY5So53yGTscD:6iCxiCUWKXC6Suid53y2D","tlshash":"6083f17cb38ade03f0e9257e54a2d3ebc3799e98a3832605785da9443bf60107d4e249","first_seen":"2025-09-02T18:13:44.358405Z","last_seen":"2026-05-25T10:53:19.587504Z","times_seen":1403,"resource_available":false,"data":null}},"time_used":1075,"timings":{"blocked":471,"dns":0,"connect":20,"send":0,"wait":62,"receive":65,"ssl":452},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RSzY8U1Rd9Nb_JbwELPzC6rRgXkDhNfXVNlyzUEVEiAhkwLAyLV--9Gp5dXa98rz6GWaEkhLgwbeJC3Vh9emAECdGFGxMN6WFjSDTUwjgLZuMfYIyJa1NDJ6N3ce-5dWpxznn32qTcJT5KunP2bbUh05Qe7fcc-_AFmXFVG_v0edt1es4x-4LMwuCYvd41Xb3
k-kHPOWK_IdhQHfUc13Fcx7VPSC0StX50j4XM70RuL3J6gddz-wHW9X93U1ow1AKvdsnTkLx94vfkXUg2Qzb65rgww0LlL74-KlNaKI2Kb72TDTNVZxjtw0RbSLKt-d9QpiXkswWobGvuAKra7Bwgli1ZePYR4mxrLhNxdeOx0jiFyBDzg6irGUQ6g6QzMHUVkj8kAOM4fQbZ6OZppWt6-TFLO7Yli3__BVm3ZPHRM8hGd1dSuW6fU2lZSJUZrCcN5PoMcm2GvNxGsWFB1ttgxYeQ_GfiPHcQ2ej2m6qSQ7sSegjJd17wfIe7fSdZioLIWQqoT5diQQdLAzcRnhv5kTfw9oKSyQzULKA0FkppoUwslLmFEd-xA2cQMJf6YRJxtuwENAi4iJ1o4DkOjdgyStY5GKPIx2DpGExfQa4_-Ir7y8KPWTChGMpPWkKu-dDlPZhLDQy3YAqCijeoBUFtCGpKUEuCuiCoq-YGT41nmps8NWXszqc3n34zVcXahN5QxZrICKgeQ_NmU-bvm6tgxf-mG4nhU9U1GhfNlMa8meS75KkubOtWXmModmzf4zRhcRLyMIxC1vdD2qeMMS_k3BHUh5ENpFkANRY2ZEtWl19BLlty5ON7iOk2TLoNJp8ELV3QugG91GAjuzsUnMpYDUXeY2oErhrkxSKKy9Yk3SWHpqvnV-7tvfrFX3-BYA_IvMB0g1w3eE_eJ1hLr09XVU02V1VtyLdn8kKO5AbtLuJcQQvx_9tvicu10vzkcTO-9SrriA7eOS9McYpmXGZrhny9IjkX-oTSTJAfTpoLIj5bmksrpc7K_NTZ106cHOVaGCNVNgOVLTnw50dgsiWHfvxy79r7h_8Ay6_A5Ps6jSKI8wWkkiAV-99p3MD8a4_38cRcx5peBC2uIhs1qHSDKm1A0zFMeWBa5PrByz993tUXiNPFaZzqxc041emnLbn42_29sDr0fddmMHLH7nuxHw4GoUhCnvjc93we9R0RBTQKgyjoozCtfP67h_8EAAD__9TYcLGfBAAA","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.507Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 
GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSzY8U1Rd9Nb_JbwELPzC6rRgXkDhNfXVNlyzUEVEiAhkwLAyLV--9Gp5dXa98rz6GWaEkhLgwbeJC3Vh9emAECdGFGxMN6WFjSDTUwjgLZuMfYIyJa1NDJ6N3ce-5dWpxznn32qTcJT5KunP2bbUh05Qe7fcc-_AFmXFVG_v0edt1es4x-4LMwuCYvd41Xb3k-kHPOWK_IdhQHfUc13Fcx7VPSC0StX50j4XM70RuL3J6gddz-wHW9X93U1ow1AKvdsnTkLx94vfkXUg2Qzb65rgww0LlL74-KlNaKI2Kb72TDTNVZxjtw0RbSLKt-d9QpiXkswWobGvuAKra7Bwgli1ZePYR4mxrLhNxdeOx0jiFyBDzg6irGUQ6g6QzMHUVkj8kAOM4fQbZ6OZppWt6-TFLO7Yli3__BVm3ZPHRM8hGd1dSuW6fU2lZSJUZrCcN5PoMcm2GvNxGsWFB1ttgxYeQ_GfiPHcQ2ej2m6qSQ7sSegjJd17wfIe7fSdZioLIWQqoT5diQQdLAzcRnhv5kTfw9oKSyQzULKA0FkppoUwslLmFEd-xA2cQMJf6YRJxtuwENAi4iJ1o4DkOjdgyStY5GKPIx2DpGExfQa4_-Ir7y8KPWTChGMpPWkKu-dDlPZhLDQy3YAqCijeoBUFtCGpKUEuCuiCoq-YGT41nmps8NWXszqc3n34zVcXahN5QxZrICKgeQ_NmU-bvm6tgxf-mG4nhU9U1GhfNlMa8meS75KkubOtWXmModmzf4zRhcRLyMIxC1vdD2qeMMS_k3BHUh5ENpFkANRY2ZEtWl19BLlty5ON7iOk2TLoNJp8ELV3QugG91GAjuzsUnMpYDUXeY2oErhrkxSKKy9Yk3SWHpqvnV-7tvfrFX3-BYA_IvMB0g1w3eE_eJ1hLr09XVU02V1VtyLdn8kKO5AbtLuJcQQvx_9tvicu10vzkcTO-9SrriA7eOS9McYpmXGZrhny9IjkX-oTSTJAfTpoLIj5bmksrpc7K_NTZ106cHOVaGCNVNgOVLTnw50dgsiWHfvxy79r7h_8Ay6_A5Ps6jSKI8wWkkiAV-99p3MD8a4_38cRcx5peBC2uIhs1qHSDKm1A0zFMeWBa5PrByz993tUXiNPFaZzqxc041emnLbn42_29sDr0fddmMHLH7nuxHw4GoUhCnvjc93we9R0RBTQKgyjoozCtfP67h_8EAAD__9TYcLGfBAAA HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: 
cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: b3ce44782c16dcfe4df70db117599cf8\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":343,"timings":{"blocked":235,"dns":0,"connect":0,"send":0,"wait":108,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/impr.gif?sid=H4sIAAAAAAAC_1RTPWwcRRSedQISisRfELQnREEQdmZ2dvdmSQGYEIgISXCCUlDNrzPc3s4ys3vruIoIilIhSzSU63d2rIQoggI6pOhMRaSIHJWLuKGjjaCgQudYMrzive_NN8X3jb65vt7sIgoN3zn_sVu1RcGPpwu49_olWyrXht7Ziz2CF_CJ3iVbZsmJ3sqs-dFbhCYL-FjvAy0H7niMCcYEk94p67VxK8f3WLDVnZws5HghiRdImsCK__8emggCj0CNdtGLYNX0uT_MZ2DlBMrh9yd1GNSuevP9YVPw2nkYqa1Py0Hp2hKGB9D4CEy5tX8bXJgi9O0cuHJr3wG40cbMAQg7RXMvPwJRbu3LBDHafKJUFKBLEOoItKMJ6GIbLJ-AdNfAqocIQCo4ew7K4c2zzrf8yhOWz9gpOvz3Y7DtFB1-9BKUw7uLhV3pXXBFU1tXBlgxHdiVCdjlCVTNNtSrEdh2G2T9JVj1AOFXjkA5vP2hG9lBb6T9AKzaeS2mWJEUm_k8yfF8wimfF5qzeUaMjklO85jFew9lzQR4mIMmRNDYCBoTQVNFMFQ7vQSzRBJOM5Mr2ccJTxKlBc5ZjDHPZR8aOXOwBnW1BrJYA-mvQuWvwsB-M0Xon0-mCD34c4rQdQq-uQfh8s5PWUZJxnicJHHMCI15X2vBBGUkITg3XGGTGEMSKiTpM0pToygRJiUmYUmWU5UqpajJFclooiU1MuGpSBWJsc5l3xhJBZGMa5GrOO7LNDayzzLNCVOpIpqmnPSxkilLCOM8pYzTjGjGDGcSa5ymDMucS5qlqe5nNEu1ZCkEFUGoEYxUB61G0AYELUfQWgRtjaAddZuqCHHobqoiNILsz3h_0m7s6uV1vunqZV0i4H4NvOo2bPVFuAayPjReNUGN3axxUXdjLlS3Xu2iF2YRiW5VHgZ6p5cLyUTGsSFZrDhTfY5nnrjQnJtcUQi2AxvmgIcIVu0ULfXfgcpO0bGv74Hg2xCKbZD2eeDNU8DbMcUY-OVxnGJYLe8OtOJWuIGuFqQbgnIdVPVhqK9E68UuOjpeurh4by-xZ756BrS8j_YLpO-g8h18bn9BsFzcGC-5Fm0suTagH85VtR3aVT5L84Wa1_rp2x_pK63z6vTJsHbrXTkjZvDORR3qM7xUtlwO6LtFq5T2p5yXGv18OlzS4nwTLi82vmyqM-ffO3V6WHkdgnXlBLh9qH8Faafo2cdH9_7pG5t_gayuQqgOVAaHQFQICoug0AfnXHQQ_rOLA7websCyj4DX16AcdjDyHYyKDnixBqE5NK4rf__t3-legSiisSg82hCFn_F2p2eojiXGrJ8RyowmNFHSpCzJVcYxpRrqMLWv_vjbvwEAAP__ZWBxnUUFAAA=","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.566Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 00:22:29 GMT","end":"Wed, 28 Jan 2026 00:22:28 GMT"},"fingerprint":{"sha1":"AA:F8:F2:CD:8F:90:E0:34:26:52:5F:28:83:02:25:29:22:DE:BB:79","sha256":"E5:C6:96:84:40:94:64:CB:57:23:67:51:0E:0F:27:85:86:63:98:09:63:88:91:67:0A:01:DC:33:5A:53:16:A6"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RTPWwcRRSedQISisRfELQnREEQdmZ2dvdmSQGYEIgISXCCUlDNrzPc3s4ys3vruIoIilIhSzSU63d2rIQoggI6pOhMRaSIHJWLuKGjjaCgQudYMrzive_NN8X3jb65vt7sIgoN3zn_sVu1RcGPpwu49_olWyrXht7Ziz2CF_CJ3iVbZsmJ3sqs-dFbhCYL-FjvAy0H7niMCcYEk94p67VxK8f3WLDVnZws5HghiRdImsCK__8emggCj0CNdtGLYNX0uT_MZ2DlBMrh9yd1GNSuevP9YVPw2nkYqa1Py0Hp2hKGB9D4CEy5tX8bXJgi9O0cuHJr3wG40cbMAQg7RXMvPwJRbu3LBDHafKJUFKBLEOoItKMJ6GIbLJ-AdNfAqocIQCo4ew7K4c2zzrf8yhOWz9gpOvz3Y7DtFB1-9BKUw7uLhV3pXXBFU1tXBlgxHdiVCdjlCVTNNtSrEdh2G2T9JVj1AOFXjkA5vP2hG9lBb6T9AKzaeS2mWJEUm_k8yfF8wimfF5qzeUaMjklO85jFew9lzQR4mIMmRNDYCBoTQVNFMFQ7vQSzRBJOM5Mr2ccJTxKlBc5ZjDHPZR8aOXOwBnW1BrJYA-mvQuWvwsB-M0Xon0-mCD34c4rQdQq-uQfh8s5PWUZJxnicJHHMCI15X2vBBGUkITg3XGGTGEMSKiTpM0pToygRJiUmYUmWU5UqpajJFclooiU1MuGpSBWJsc5l3xhJBZGMa5GrOO7LNDayzzLNCVOpIpqmnPSxkilLCOM8pYzTjGjGDGcSa5ymDMucS5qlqe5nNEu1ZCkEFUGoEYxUB61G0AYELUfQWgRtjaAddZuqCHHobqoiNILsz3h_0m7s6uV1vunqZV0i4H4NvOo2bPVFuAayPjReNUGN3axxUXdjLlS3Xu2iF2YRiW5VHgZ6p5cLyUTGsSFZrDhTfY5nnrjQnJtcUQi2AxvmgIcIVu0ULfXfgcpO0bGv74Hg2xCKbZD2eeDNU8DbMcUY-OVxnGJYLe8OtOJWuIGuFqQbgnIdVPVhqK9E68UuOjpeurh4by-xZ756BrS8j_YLpO-g8h18bn9BsFzcGC-5Fm0suTagH85VtR3aVT5L84Wa1_rp2x_pK63z6vTJsHbrXTkjZvDORR3qM7xU
tlwO6LtFq5T2p5yXGv18OlzS4nwTLi82vmyqM-ffO3V6WHkdgnXlBLh9qH8Faafo2cdH9_7pG5t_gayuQqgOVAaHQFQICoug0AfnXHQQ_rOLA7websCyj4DX16AcdjDyHYyKDnixBqE5NK4rf__t3-legSiisSg82hCFn_F2p2eojiXGrJ8RyowmNFHSpCzJVcYxpRrqMLWv_vjbvwEAAP__ZWBxnUUFAAA= HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzg4MTU4NiwiayI6IjliYzhiNmEwZjE2MmRhOGQ3YTBkMWUzYWJlYWFmOWQzIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1Mzg4MDk2LCJwaWQiOjI3MjM1MjAsImFuIjp0cnVlLCJsYW4iOnRydWUsImNpZCI6MTYsImFpZCI6NSwicHQiOjQsInBrIjoiZnpwZ2d0cGEiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6MjY2NTYxMTE1LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTM2OTI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEzNC4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8va2VkYWlib2tlcC5jb20vdGFnL29mZmljaWFsMWF1cmFhLyIsImFyIjpbXX19.jvVjWsdGIg4u5UBsRudlKDPKj9AApJEzlstIcGaR7uI; uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv5=true; uncs5=1; u_pl27881586=1; pdhtkv32=true; uncs32=1; u_pl27881588=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: 
true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: c3b4f414639956fd92cdf7e121f43e96\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":321,"timings":{"blocked":224,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:50.693Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:57 GMT","end":"Mon, 19 Jan 2026 08:34:56 GMT"},"fingerprint":{"sha1":"A9:72:6E:D8:AB:26:CE:26:35:A4:39:55:24:08:04:0F:24:56:E8:8C","sha256":"65:84:7B:FE:24:02:CE:3E:DB:6E:1C:6B:B8:FC:99:F5:A5:65:83:F1:66:75:ED:20:20:63:06:ED:27:8A:82:FE"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://kedaibokep.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 
40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 18 Nov 2025 19:22:36 GMT\r\nexpires: Wed, 18 Nov 2026 19:22:36 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nage: 388694\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-06-10T02:15:04.407748Z","times_seen":875654,"resource_available":false,"data":null}},"time_used":136,"timings":{"blocked":59,"dns":1,"connect":7,"send":0,"wait":8,"receive":9,"ssl":47},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:47.712Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","pro
tocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-includes/js/jquery/jquery.min.js?ver=3.7.1 HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:47 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 29597\r\netag: \"15601-6908fa63-14a9e2;br\"\r\nlast-modified: Mon, 03 Nov 2025 18:54:27 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZWGWfRtTaws6bvf4Avf1nmsFJuY3k90TlHj70VjzjLOuymj8OiUls8Ro5fJnMzcZ3XYx2EGAZdj5SSoxJDEFt2eZe5wyMdilU8vR3w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee7f21dd456a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed 
Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":87553,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines 
(65447)","md5":"826eb77e86b02ab7724fe3d0141ff87c","sha1":"79cd3587d565afe290076a8d36c31c305a573d18","sha256":"cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf","sha512":"fc79fdb76763025dc39fac045a215ff155ef2f492a0e9640079d6f089fa6218af2b3ab7c6eaf636827dee9294e6939a95ab24554e870c976679c25567ad6374c","ssdeep":"1536:0RUX9uDgwxcy2KVBNwchN6SLaHEk2BSrBESp+a/IEk4aAocVi8SMBQ47GKO:sHNwcv9VBQpLl88SMBQ47GKO","tlshash":"7483f8df77ca702247ab30b9006f550bf276199d684d4400f159d8e9bcb8a4a827bf7e","first_seen":"2023-11-03T09:26:43Z","last_seen":"2026-06-10T02:14:35.575817Z","times_seen":898197,"resource_available":true,"data":null}},"time_used":145,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":117,"receive":28,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/themes/retrotube/assets/js/skip-link-focus-fix.js?ver=1.0.0","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:47.732Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 
GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/themes/retrotube/assets/js/skip-link-focus-fix.js?ver=1.0.0 HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:47 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 329\r\netag: \"2ab-69164b1f-182a7c;br\"\r\nlast-modified: Thu, 13 Nov 2025 21:18:23 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=UGleA0HJeI810SZSX%2FR5xFPDPZsiRHjUEoMz56mn9DuoYULPD4uyfPjKtC2moixQg40ULfbpUcnp98R18z1D3VDLl416OC2z1ypAog%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee7f22de356a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for 
WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":683,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text","md5":"75abd4cd8807b312f9f7faeb77ee774b","sha1":"e7b7a7ed06d0123ab8667a1d1eeb23de9f2bece7","sha256":"ca424c0181141900220a19f998ffa7660380bc99ab99557ad458a083251f7034","sha512":"c9f1f752994f1361555680ca5a60339fda152587ccc055db20148c086d82846887dd0801187aa033829b7d5eb9644b9391f493965eee35b4a1592f82cbb36aa4","ssdeep":"","tlshash":"bb01cbb6b30d44b604aa32178d5f61cd297d91e3a829649b8cc909502924c6d23befb8","first_seen":"2023-03-07T01:03:28Z","last_seen":"2026-06-10T01:50:19.74765Z","times_seen":12109,"resource_available":true,"data":null}},"time_used":163,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":163,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 
Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js?ver=3.22.3","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:47.734Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/plugins/wp-smushit/app/assets/js/smush-lazy-load.min.js?ver=3.22.3 HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:47 GMT\r\ncontent-type: 
text/javascript\r\ncontent-length: 7602\r\netag: \"5772-6921b697-1fb5df;br\"\r\nlast-modified: Sat, 22 Nov 2025 13:11:51 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zDdREiIYgBMVPBmq3Msc6kJDT8niGKrnpoBm4O7BAmWDcvi7cg3If3DzPmRY3AqKNmV404xydZp%2FugLInK9uYIl8U4tePPJ%2FzqiLcg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee7f22de556a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":22386,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (22338)","md5":"93b3720e7695d8028cb86f0e618ada73","sha1":"f450880dd098d857d9dfa38430ba2fa7ede6551f","sha256":"d82122f0fe9f7a7190f929e05b2f026e20cc5df64bd294204795afe72f02929a","sha512":"23e340152f6c7c472044a0a2ebff34e5e9392c255187ac50d7e70a2e07399f4ed13f0b8f46fa60a8e6129d068e076271042b650d267c7a84bb63a69c83f88935","ssdeep":"384:1nzmcCFxbUyeggTRuliyLdAkLWNpyvI3e+ZTtztLyFYZ4PW8gVIBnBCpFu95fq32:1nzmcCDbUy2TQliyBWNpyvI3e+ZpoFKM","tlshash":"c0a2e8ae7296f47aa99770b5442f200af23635261899c494e536d4d0ae3cd8e6223f7c","first_seen":"2025-10-02T08:50:18.110224Z","last_seen":"2026-06-09T00:21:37.842891Z","times_seen":2989,"resource_available":true,"data":null}},"time_used":108,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":108,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"3.125.70.62","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.278Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"traffinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"11:9F:BE:35:27:7B:7B:85:C9:B3:FF:0E:CA:F6:0D:13:B0:A9:A0:BB","sha256":"81:A4:38:32:0D:BC:66:C8:7B:6D:08:BC:93:91:76:73:A2:BD:D0:53:3C:BF:2F:FD:B8:87:00:C6:EC:3B:6C:77"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://kedaibokep.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:48 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://kedaibokep.com\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: 
uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; expires=Wed, 21 Nov 2035 07:20:48 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"0cb51e062b860d1664431e25e695f0e0","sha1":"0c3abd638cec79727c95404f13dcc4d162acc044","sha256":"e4f3d7897bb79084471bca4e46cf4fb1b866472d87cc9dd646a03536c21632ee","sha512":"51546f2d1aaa727687654d1c8750407c786962c0aba14764e72606066b5d7957aed62c00164aadfa0962352b5255b616cad2062c34cea052a672153a460e5067","ssdeep":"","tlshash":"ef90040cf35770454f4c0cc15700357f3057d3c740400510444dd5074570110f474d01","first_seen":"2025-11-23T07:21:30.153248Z","last_seen":"2025-11-23T07:21:30.153248Z","times_seen":1,"resource_available":false,"data":null}},"time_used":163,"timings":{"blocked":71,"dns":0,"connect":21,"send":0,"wait":22,"receive":0,"ssl":46},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/uploads/2025/11/1352.jpg","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.652Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 
GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/1352.jpg HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nCookie: _ga_3E31P8KF13=GS2.1.s1763882448$o1$g0$t1763882448$j60$l0$h0; _ga=GA1.1.1454402186.1763882448; dom3ic8zudi28v8lr6fgphwffqoz0j6c=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:48 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 25434\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 30 Nov 2025 07:20:48 GMT\r\netag: \"635a-6920f776-3cff;;;\"\r\nlast-modified: Fri, 21 Nov 2025 23:36:22 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jtA9WxXynbWF9kVpG55joW3%2BWSCfkVR6rrefVEaMx%2BuLdk2YuqrOu5EnH6VFvrOnqC6khTn%2FLfMSV3X3pHfHy2ae4e1AsMV1V5mbqA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee7f7ca0a56a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: 
cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":25434,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 640x360, components 
3","md5":"c42f5731179b46b57ab4073898cadc5a","sha1":"fcaeed5289f41cb55af80643b1313e300e1827fc","sha256":"55cf6a9fa1028a68b668a4120b1bf5766d69572e614a291563f7da46d97baf0b","sha512":"6dc7c2c250c2034810ef0f20011871bcb681594e3c41a0a6e4a05fcc25f8d6e4c9f241aef30579f2e073476465723f8fb8d0f75cf77d09d71d8b676d881095ee","ssdeep":"384:9jXl4jNW/Lv+DRAWl6hm8/nqqoDweOweDNt+xu39fFZ9xg6H5KEo+moo0Pq+:V6jN0v+FA2O/Jww4o39f5xdHktoo0Pq+","tlshash":"6bb2d056787612f2f402db7d1dcf349d91db6e849ce1099c8b4651b35da098f20fb64c","first_seen":"2025-11-23T07:21:30.154738Z","last_seen":"2025-11-23T07:21:30.154738Z","times_seen":1,"resource_available":false,"data":null}},"time_used":130,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":101,"receive":29,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/11/ca/f4/11caf4e942c5d5d5d04515433ce3d147/1756566718.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.342Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 
2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/11/ca/f4/11caf4e942c5d5d5d04515433ce3d147/1756566718.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 59745\r\nserver: nginx/1.21.6\r\nlast-modified: Sat, 30 Aug 2025 15:11:58 GMT\r\netag: \"68b314be-e961\"\r\nexpires: Tue, 25 Nov 2025 07:20:49 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":59745,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:30 14:52:07], progressive, precision 8, 320x240, components 
3","md5":"553444adab3dfcd61adc177371e70b19","sha1":"9cc9b386d317956511049e01988a6d95c10d02bf","sha256":"ae84ed1c8b29159b1746f9c305c3ab04f45ba50652ac4a645477e44fcd616882","sha512":"1c05db90f15c1a34847938159eec2284d7c280b14b3017a7c44f716fff49a61684cf7673543334bd9f97f6e5b17e28f275c1af76b28f570ced515d758d05970f","ssdeep":"1536:9H+iH+gX5OhYC0V1fluUkOk3TqDx18otcaUA:p+u+QkYC0V10UkOk3TqDx1btcaUA","tlshash":"8c43e169bf51eda3f4da8b388468d3d1ba0a7d65a387765230cc995c3fe06949c4d013","first_seen":"2025-09-02T18:27:26.543026Z","last_seen":"2026-05-23T14:11:03.798393Z","times_seen":1395,"resource_available":false,"data":null}},"time_used":464,"timings":{"blocked":332,"dns":0,"connect":0,"send":0,"wait":88,"receive":44,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/uploads/2025/08/cropped-Logo-32x32.png","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:50.439Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/uploads/2025/08/cropped-Logo-32x32.png HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nCookie: _ga_3E31P8KF13=GS2.1.s1763882448$o1$g0$t1763882448$j60$l0$h0; _ga=GA1.1.1454402186.1763882448; dom3ic8zudi28v8lr6fgphwffqoz0j6c=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1; pp_main_8e2c5d0a9e14a08bcedae6c1b8957fa4=1; sb_main_89d6f1c80b1e0bbfc99e7ec523be338e=1; sb_count_89d6f1c80b1e0bbfc99e7ec523be338e=1; m5a4xojbcp2nx3gptmm633qal3gzmadn=foldingcutleryhelium.com; pbpr0tpuw4isk85t8yg3jb2lj5vqf=kettledroopingcontinuation.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:50 GMT\r\ncontent-type: image/png\r\ncontent-length: 518\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 30 Nov 2025 07:20:50 GMT\r\netag: \"206-6908fce7-17b53c;;;\"\r\nlast-modified: Mon, 03 Nov 2025 19:05:11 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\npriority: u=6,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FUt6jyCui%2Bt7XdyHEHKEs75lIb436cIchG%2FkQcJcyZdhHhCzVNgpANEWLZDlc3NtBigx26%2FB1qjQW7nPTbth29yMnwk42nT0we431Q%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee8033fda56a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for 
WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":518,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 32 x 32, 8-bit colormap, non-interlaced","md5":"da2dd3552f5ff1cae8a52cc5c4bace95","sha1":"7af647d55f9bf1bd78b69f2d296bfadc25030d71","sha256":"adb87c70bd733dc1914597fa75f012b80d8a9711fa7a0ddc0eec306386f70a4d","sha512":"7329448a24789d830e138c9a6d974e21c5d81974d09fa3ee45ffa6aa4e2d43f19d249479cea5b584c60c71fa581f482e11c17ac41bb5a41b55d704d789f8c3c2","ssdeep":"","tlshash":"b4f0209f8ae1986cc28b01a1591876795aa9d09e41327b95020281830e0260170f4f41","first_seen":"2025-11-23T07:21:30.157232Z","last_seen":"2026-01-21T06:24:16.16871Z","times_seen":2,"resource_available":false,"data":null}},"time_used":156,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":156,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 
Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.highperformanceformat.com/9bc8b6a0f162da8d7a0d1e3abeaaf9d3/invoke.js","fqdn":"www.highperformanceformat.com","domain":"highperformanceformat.com","tld":"com"},"ip":{"addr":"172.240.127.242","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:47.720Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"highperformanceformat.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 10 Oct 2025 22:02:13 GMT","end":"Thu, 08 Jan 2026 22:02:12 GMT"},"fingerprint":{"sha1":"77:A0:FB:EB:5C:7E:49:7D:87:94:CB:C5:AB:72:11:AE:6F:98:F7:81","sha256":"A3:92:D0:6C:23:66:83:18:50:AC:6C:E2:27:1F:6A:82:CE:FC:2B:6B:7E:B7:B3:EA:B9:6A:56:B2:EC:04:AF:40"}}},"request":{"raw":"GET /9bc8b6a0f162da8d7a0d1e3abeaaf9d3/invoke.js HTTP/1.1\r\nHost: www.highperformanceformat.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:48 
GMT\r\nContent-Type: application/javascript\r\nContent-Length: 18542\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: www.highperformanceformat.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: b958b2d30cb1320e7e9344963e422b89\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":46520,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (46520), with no line 
terminators","md5":"1392621521fb2dc892b3072a044dc9d5","sha1":"428236908ea7f8f357cd86df8311f6780be71a8b","sha256":"8d1563107a2951d97c239bf59aea0743e153d488c6cda725575395022b580d04","sha512":"284b20096adcaad45297b20ce02cd16ea66a6cf906faf84e533f825731a9f8cca0bd22521d97135f252a3e75cbaf90c817973520bcc5b0bbf0bac844f78616f6","ssdeep":"768:+t9VtXvZi5DpYscQ7V1UQeUMa1Y/D56JCZ/h1t:c9VtXvZYD6s/7V1Pela1Y/oJCZJ1t","tlshash":"a323e78a3f91f05d83da317732af900bf85e4c96618cd444e543b4b4efba36ae536a14","first_seen":"2025-11-23T07:21:30.158616Z","last_seen":"2025-11-23T07:21:30.158616Z","times_seen":1,"resource_available":true,"data":null}},"time_used":743,"timings":{"blocked":270,"dns":10,"connect":91,"send":0,"wait":95,"receive":91,"ssl":184},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/themes/retrotube/assets/stylesheets/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:47.947Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/themes/retrotube/assets/stylesheets/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/wp-content/themes/retrotube/assets/stylesheets/font-awesome/css/font-awesome.min.css?ver=4.7.0\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:48 
GMT\r\ncontent-type: font/woff2\r\ncontent-length: 77160\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 30 Nov 2025 07:20:48 GMT\r\netag: \"12d68-69164b1f-182a86;;;\"\r\nlast-modified: Thu, 13 Nov 2025 21:18:23 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=o3lJisLrHFAsXe%2FtvKYj81GzlWx96HGjaKMDI3ySPd0Lt1Z3Byi%2FWXFFJtj6e5A0gIzRtqA1Et5kW3lBZja95db1eDWrHeVUQD2Gpg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee7f3aedb56a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":77160,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 77160, version 4.459","md5":"af7ae505a9eed503f8b8e6982036873e","sha1":"d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c","sha256":"2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe","sha512":"838fefdbc14901f41edf995a78fdac55764cd4912ccb734b8bea4909194582904d8f2afdf2b6c428667912ce4d65681a1044d045d1bc6de2b14113f0315fc892","ssdeep":"1536:/MkbAPfd1vyBKwHz4kco36ZvIaBfRPlajyXUA2jVTc:L0nXnHdfRVEAS2","tlshash":"7d7302e63b6c4943e03d6460708abe9f104b3ab42fe057e5c876db7f2722992b71552c","first_seen":"2023-04-05T03:30:47Z","last_seen":"2026-06-10T02:12:41.164621Z","times_seen":492829,"resource_available":false,"data":null}},"time_used":166,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":103,"receive":63,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/watch.450193635586.js?key=9bc8b6a0f162da8d7a0d1e3abeaaf9d3\u0026kw=%5B%22official1auraa%22%2C%22archives%22%2C%22-%22%2C%22kedai%22%2C%22bokep%22%5D\u0026refer=https%3A%2F%2Fkedaibokep.com%2Ftag%2Fofficial1auraa%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=602fe8be-bb73-4470-80af-710054584f05%3A1%3A1","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.439Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 01:12:52 GMT","end":"Wed, 28 Jan 2026 01:12:51 GMT"},"fingerprint":{"sha1":"67:43:25:0A:D1:7D:95:9F:2D:A3:3F:97:74:7C:0A:AE:D2:D3:98:61","sha256":"09:09:97:4E:79:6D:B5:F4:D7:B7:F6:8F:BE:97:4E:B6:04:9C:25:29:FE:4A:0E:A2:BE:82:F0:6E:CF:8C:74:F0"}}},"request":{"raw":"GET /watch.450193635586.js?key=9bc8b6a0f162da8d7a0d1e3abeaaf9d3\u0026kw=%5B%22official1auraa%22%2C%22archives%22%2C%22-%22%2C%22kedai%22%2C%22bokep%22%5D\u0026refer=https%3A%2F%2Fkedaibokep.com%2Ftag%2Fofficial1auraa%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=602fe8be-bb73-4470-80af-710054584f05%3A1%3A1 HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://kedaibokep.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:48 GMT\r\nContent-Type: text/html\r\nContent-Length: 0\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: 
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://kedaibokep.com\r\naccess-control-allow-credentials: true\r\nlocation: https://wayfarerorthodox.com/watch.450193635586.js?dev=e\u0026key=9bc8b6a0f162da8d7a0d1e3abeaaf9d3\u0026kw=%5B%22official1auraa%22%2C%22archives%22%2C%22-%22%2C%22kedai%22%2C%22bokep%22%5D\u0026pst=1763882508\u0026rb=\u0026refer=https%3A%2F%2Fkedaibokep.com%2Ftag%2Fofficial1auraa%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=72a103dd14546e128d151d96777bc5a9978d22cefdfbe5e0c23bfc79d0a7f4dfaeb01d36c4b06f325f0de43bc695463175454244ab9cf2dd94aa7a99330a45d831df95e8f2732c8bad565e6e5588d609a0a1a9582eed1902cb80\u0026tz=0\u0026uuid=602fe8be-bb73-4470-80af-710054584f05%3A1%3A1\r\nset-cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.jvVjWsdGIg4u5UBsRudlKDPKj9AApJEzlstIcGaR7uI; expires=Sun, 23 Nov 2025 07:21:48 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 1\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: ed4524cca9d8f965cd799587a3a7c592\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native 
applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":4610,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":740,"timings":{"blocked":320,"dns":34,"connect":92,"send":0,"wait":98,"receive":0,"ssl":193},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat 
Feed","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/uploads/2025/08/Judul-e1754128710326.png","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.500Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/uploads/2025/08/Judul-e1754128710326.png HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nCookie: _ga_3E31P8KF13=GS2.1.s1763882448$o1$g0$t1763882448$j60$l0$h0; _ga=GA1.1.1454402186.1763882448; dom3ic8zudi28v8lr6fgphwffqoz0j6c=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RSvY8cxRfsOZ9-gR38ACNIR4gAI249Xzu3gwPgMAYLY1tnIweIoKe759zs7PTQPR_rjQyWLIsALRIBkDBbe_ZhY1kQEAGWtQcBsoTkjbjAlyD-AIREjOa80sEL6r03NUFV9bs6KXeJj5LunH1LjWSa0qPdjmM_d0FmXNXGPn3edp2Oc8y-ILMwOGYPW9DVi64fdJwj9uuC9dVRz3Edx3Vc-4TUIlHDo3ssZH47cjuR0wm8jtsNMNT_3U1pwVALvNolT0Dy-f9_T96BZDNkg2-OC9MvVP7Ca4MypYXSqPjW21k_U3WGwf6YaAtJtrX4G8rMCflsCSrbWjiAqjZbB4jlnCw99RBxtrWQibi6_khpnEJkiPkh1NUMIp1B0hmYugLJHxCAcZw-g2xw47TSNb30iKUtOyfLf_8FWc_J8sMnkQ3urKVyaJ9TaVlIlRkMkwZyOIPcmCEvt1GMLMh6G6z4EJL_SpynDyEb3HpDVbJvV0L3IfnOs57vcLfrJCtREDkrAfXpSixob6XnJsJzIz_yet5eUDKZgZollMZCKS2UiYUytzDgO3bg9ALmUj9MIs5WnYAGARexE_U8x6ERW0XJWgdjFPkYLB2D6cvI9QdfcX9V-DELJhR9-cmckKs-dHkP5mIDwy2YgqDiDWpBUBuCmhLUkqAuCOqquc5T45nmBk9NGbuL7i2630xVsTGh11WxITICqsfQvNmU-fvmClhxYDpKDJ-qFmhcNFMa82aS75LH27Ctm3mNvtixfY_ThMVJyMMwClnXD2mXMsa8kHNHUB9GNpBmCdRYGMk5WV99GbmckyMf30NMt2HSbTD5GGjpgtYN6MUGo-xOX3AqY9UXeYepAbhqkBfLKC5Zk3SXHJ6un1-7t_fq7_72MwS7TxYFphvkusF78ieCjfTadF3VZHNd1YZ8eyYv5ECOaHsR5wpaiP_delNcqpXmJ4-b8c1XWEu04-3zwhSnaMZltmHI12uSc6FPKM0E-fGkuSDis6W5uFbqrMxPnX31xMlBroUxUmUzUDknB__8CEzOyeG7X-5de_f5P8DyyzD5vk6jCOL8AFJJkIr97zRuYP61x_vzxFzDhl4GLa4gGzSodIMqbUDTMUx5cFrk-v5Lv3ze1heI0-VpnOrlzTjV6adtTndb-GEvsRa-h5E7dteL_bDXC0US8sTnvufzqOuIKKBRGERBF4WZy2e-e_BPAAAA___FFRqdnwQAAA==","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.367Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSvY8cxRfsOZ9-gR38ACNIR4gAI249Xzu3gwPgMAYLY1tnIweIoKe759zs7PTQPR_rjQyWLIsALRIBkDBbe_ZhY1kQEAGWtQcBsoTkjbjAlyD-AIREjOa80sEL6r03NUFV9bs6KXeJj5LunH1LjWSa0qPdjmM_d0FmXNXGPn3edp2Oc8y-ILMwOGYPW9DVi64fdJwj9uuC9dVRz3Edx3Vc-4TUIlHDo3ssZH47cjuR0wm8jtsNMNT_3U1pwVALvNolT0Dy-f9_T96BZDNkg2-OC9MvVP7Ca4MypYXSqPjW21k_U3WGwf6YaAtJtrX4G8rMCflsCSrbWjiAqjZbB4jlnCw99RBxtrWQibi6_khpnEJkiPkh1NUMIp1B0hmYugLJHxCAcZw-g2xw47TSNb30iKUtOyfLf_8FWc_J8sMnkQ3urKVyaJ9TaVlIlRkMkwZyOIPcmCEvt1GMLMh6G6z4EJL_SpynDyEb3HpDVbJvV0L3IfnOs57vcLfrJCtREDkrAfXpSixob6XnJsJzIz_yet5eUDKZgZollMZCKS2UiYUytzDgO3bg9ALmUj9MIs5WnYAGARexE_U8x6ERW0XJWgdjFPkYLB2D6cvI9QdfcX9V-DELJhR9-cmckKs-dHkP5mIDwy2YgqDiDWpBUBuCmhLUkqAuCOqquc5T45nmBk9NGbuL7i2630xVsTGh11WxITICqsfQvNmU-fvmClhxYDpKDJ-qFmhcNFMa82aS75LH27Ctm3mNvtixfY_ThMVJyMMwClnXD2mXMsa8kHNHUB9GNpBmCdRYGMk5WV99GbmckyMf30NMt2HSbTD5GGjpgtYN6MUGo-xOX3AqY9UXeYepAbhqkBfLKC5Zk3SXHJ6un1-7t_fq7_72MwS7TxYFphvkusF78ieCjfTadF3VZHNd1YZ8eyYv5ECOaHsR5wpaiP_delNcqpXmJ4-b8c1XWEu04-3zwhSnaMZltmHI12uSc6FPKM0E-fGkuSDis6W5uFbqrMxPnX31xMlBroUxUmUzUDknB__8CEzOyeG7X-5de_f5P8DyyzD5vk6jCOL8AFJJkIr97zRuYP61x_vzxFzDhl4GLa4gGzSodIMqbUDTMUx5cFrk-v5Lv3ze1heI0-VpnOr
lzTjV6adtTndb-GEvsRa-h5E7dteL_bDXC0US8sTnvufzqOuIKKBRGERBF4WZy2e-e_BPAAAA___FFRqdnwQAAA== HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: c9ca4b05c1e801b5652fabccc3a58df0\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":275,"timings":{"blocked":178,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RTPY8cRRDtPU4EdsCHEaQjRIARt56vndvBAXAYg4WxrbORA4RQT3fPXbOz00P3fJw3AiwsiwAtEgGQMPt2fWcby4KACIzMmgRZQvJGnJAv4RcgJGI065UOKnhV9d4E9WqqL42KPeKhoLtn3lQDmST0SKdtW8-elylXlbFOnbMcu20ftc7LNPCPWlsN6PIFx_Pb9mHrNcF66ohrO7bt2I51XGoRq60jcxUyuxE67dBu-27b6fjY0v_vTbEEQ5fAyz3yOCSfPfJn_DYkmyLtf3tMmF6usudf7RcJzZVGyXfeSnupqlL098tYtxCnO4uvocyMkC-WoNKdhQOoctI4QCRnZOnJ-4jSncWYiMorDyaNEogUET-IqpxCJFNIOgVTFyH5PQIwjlOnkfa3Tyld0QsPVNqoM7L8z9-Q1Yws338Caf_mWiK3rLMqKXKpUoOtuIbcmkJuTJEVU-SDFmR1Byz_CJL_RuynDiLtX39dlbJnlUL3IPnuM65nc6djxyuhH9orPvXoSiRod6XrxMJ1Qi90u-58UTKegpolFKaFQrZQxC0UWQt9vmv5dtdnDvWCOORs1fap73MR2WHXtW0aslUUrHEwRJ4NwZIhmP74RvFulrir3a7TCZ2Rs53xzbxXTnJdiEmRMjNyrj6g_HBObjekH44cZPrDq9xbFV7E_BFFT342I-SSB13chtmsYXgLJicoeY1KEFSGoKIElSSocoKqrK_wxLim3uaJKSJnkd1F9uqxyjdG9IrKN0RKQPUQmtcTmb1vLoLlD40HseFj1QCN8npMI16Psj3yWPOXWteyCj2xa3kupzGL4oAHQRiwjhfQDmWMuQHntqAejKwhzRKoaWEgZ2R99SVkckYOf3obEb0Dk9wBk4-CFg5oVYNu1hikN3uCUxmpnsjaTPXBVY0sX0Z-oTVK9sih8fq5tdvzc3nn9x8g2F2yCDBdI9M13pO_EGwkl8frqiKTdVUZ8t3pLJd9OaDNKZ3NaS4evv6GuFApzU8cM8NrL7NGaMob54TJT9KUy3TDkG_WJOdCH1eaCXLrhDkvojOF2VwrdFpkJ8-8cvxEP9PCGKnSKaickQN_fQImZ-TQT1_Pn0nnuT_Asg9gsv05jSKIshYSSZCIfZ5GNcx_-mi_HpnL2NDLoPlFpP0apa5RJjVoMoQpDozzTN998dcvm_gKUbI8jhK9PIkSnXw-31MDPzfwYwO3YOSu1XEjL-h2AxEHPPa453o87Ngi9GkY-KHfQW5m8unv7_
0bAAD__0HhzLnYBAAA","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.457Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET 
/ren.gif?sid=H4sIAAAAAAAC_1RTPY8cRRDtPU4EdsCHEaQjRIARt56vndvBAXAYg4WxrbORA4RQT3fPXbOz00P3fJw3AiwsiwAtEgGQMPt2fWcby4KACIzMmgRZQvJGnJAv4RcgJGI065UOKnhV9d4E9WqqL42KPeKhoLtn3lQDmST0SKdtW8-elylXlbFOnbMcu20ftc7LNPCPWlsN6PIFx_Pb9mHrNcF66ohrO7bt2I51XGoRq60jcxUyuxE67dBu-27b6fjY0v_vTbEEQ5fAyz3yOCSfPfJn_DYkmyLtf3tMmF6usudf7RcJzZVGyXfeSnupqlL098tYtxCnO4uvocyMkC-WoNKdhQOoctI4QCRnZOnJ-4jSncWYiMorDyaNEogUET-IqpxCJFNIOgVTFyH5PQIwjlOnkfa3Tyld0QsPVNqoM7L8z9-Q1Yws338Caf_mWiK3rLMqKXKpUoOtuIbcmkJuTJEVU-SDFmR1Byz_CJL_RuynDiLtX39dlbJnlUL3IPnuM65nc6djxyuhH9orPvXoSiRod6XrxMJ1Qi90u-58UTKegpolFKaFQrZQxC0UWQt9vmv5dtdnDvWCOORs1fap73MR2WHXtW0aslUUrHEwRJ4NwZIhmP74RvFulrir3a7TCZ2Rs53xzbxXTnJdiEmRMjNyrj6g_HBObjekH44cZPrDq9xbFV7E_BFFT342I-SSB13chtmsYXgLJicoeY1KEFSGoKIElSSocoKqrK_wxLim3uaJKSJnkd1F9uqxyjdG9IrKN0RKQPUQmtcTmb1vLoLlD40HseFj1QCN8npMI16Psj3yWPOXWteyCj2xa3kupzGL4oAHQRiwjhfQDmWMuQHntqAejKwhzRKoaWEgZ2R99SVkckYOf3obEb0Dk9wBk4-CFg5oVYNu1hikN3uCUxmpnsjaTPXBVY0sX0Z-oTVK9sih8fq5tdvzc3nn9x8g2F2yCDBdI9M13pO_EGwkl8frqiKTdVUZ8t3pLJd9OaDNKZ3NaS4evv6GuFApzU8cM8NrL7NGaMob54TJT9KUy3TDkG_WJOdCH1eaCXLrhDkvojOF2VwrdFpkJ8-8cvxEP9PCGKnSKaickQN_fQImZ-TQT1_Pn0nnuT_Asg9gsv05jSKIshYSSZCIfZ5GNcx_-mi_HpnL2NDLoPlFpP0apa5RJjVoMoQpDozzTN998dcvm_gKUbI8jhK9PIkSnXw-31MDPzfwYwO3YOSu1XEjL-h2AxEHPPa453o87Ngi9GkY-KHfQW5m8unv7_0bAAD__0HhzLnYBAAA HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=2; pdhtkv49=true; uncs49=2; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: 
nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: a3fd7c2536f496c64df8a2815e4aea9a\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":204,"timings":{"blocked":105,"dns":0,"connect":0,"send":0,"wait":99,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:47.714Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1 HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:47 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 4679\r\netag: \"3509-6908fa63-14a9df;br\"\r\nlast-modified: Mon, 03 Nov 2025 18:54:27 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: 
Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=2,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9SbLaj54p0iEeRTcvsRWtf%2BKDoorzW9My5ulg5jD9ZSIrb8Ra4QU7dQtn1nzeH5bzSybl5htchxTPqI0yWnruuUrYq7uIDqz1T9dqg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee7f21dd656a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":13577,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, 
ASCII text, with very long lines (13479)","md5":"9ffeb32e2d9efbf8f70caabded242267","sha1":"3ad0c10e501ac2a9bfa18f9cd7e700219b378738","sha256":"5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89","sha512":"8d6be545508a1c38278b8ad780c3758ae48a25e4e12eee443375aa56031d9b356f8c90f22d4f251140fa3f65603af40523165e33cae2e2d62fc78ec106e3d731","ssdeep":"192:5rprDN+sag6ifKIUpQI99P1tLm9kdgyq1+J3aCJQ+h4MPLORq:5rprxaefKI0LP19m4q1WW+h4Mjp","tlshash":"9952c8adb56679724eb721b8f03bd24f71b205de560d8940d19cc4f6282dc6e812bf78","first_seen":"2023-05-09T19:21:05Z","last_seen":"2026-06-10T02:14:35.582123Z","times_seen":827751,"resource_available":true,"data":null}},"time_used":104,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":104,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.highperformanceformat.com/50865c8e9f805c36d66a52e62e8e8f47/invoke.js","fqdn":"www.highperformanceformat.com","domain":"highperformanceformat.com","tld":"com"},"ip":{"addr":"172.240.127.242","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:47.718Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"highperformanceformat.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 10 Oct 2025 22:02:13 
GMT","end":"Thu, 08 Jan 2026 22:02:12 GMT"},"fingerprint":{"sha1":"77:A0:FB:EB:5C:7E:49:7D:87:94:CB:C5:AB:72:11:AE:6F:98:F7:81","sha256":"A3:92:D0:6C:23:66:83:18:50:AC:6C:E2:27:1F:6A:82:CE:FC:2B:6B:7E:B7:B3:EA:B9:6A:56:B2:EC:04:AF:40"}}},"request":{"raw":"GET /50865c8e9f805c36d66a52e62e8e8f47/invoke.js HTTP/1.1\r\nHost: www.highperformanceformat.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:48 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 18538\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 5\r\nHost: www.highperformanceformat.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: aa341711cf87cffe471c02b13377743c\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native 
applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":46502,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (46502), with no line terminators","md5":"afbdce3014738fa650eeba9539f31fae","sha1":"c91a54c0b5f45db1a8ab6c0cf9c63d3782993844","sha256":"6714baf10c905eeda1232ad6c3e13008611d733b03d638a058c6dc7eb961c2dc","sha512":"031570540d420a19ed4d978d46aca8e37747f2f31a7fc7a729712eb69c1c0e4601d86225fbfd9b9357dab58953e53d16cbff4416d6a6277059972ee34edbc60f","ssdeep":"768:+t9VtXvZi5DpYscQ7V1UQeUMa1Y/D56JCZ/lrt:c9VtXvZYD6s/7V1Pela1Y/oJCZtrt","tlshash":"1b23e78a3f91f05d839a317732af900bf85e4c966188d444e543b4b4eff636ae536a14","first_seen":"2025-11-23T07:21:30.161378Z","last_seen":"2025-11-23T07:21:30.161378Z","times_seen":1,"resource_available":true,"data":null}},"time_used":870,"timings":{"blocked":316,"dns":12,"connect":106,"send":0,"wait":113,"receive":106,"ssl":214},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/watch.1266780481051.js?key=9bc8b6a0f162da8d7a0d1e3abeaaf9d3\u0026kw=%5B%22official1auraa%22%2C%22archives%22%2C%22-%22%2C%22kedai%22%2C%22bokep%22%5D\u0026refer=https%3A%2F%2Fkedaibokep.com%2Ftag%2Fofficial1auraa%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.449Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 00:22:29 GMT","end":"Wed, 28 Jan 2026 00:22:28 GMT"},"fingerprint":{"sha1":"AA:F8:F2:CD:8F:90:E0:34:26:52:5F:28:83:02:25:29:22:DE:BB:79","sha256":"E5:C6:96:84:40:94:64:CB:57:23:67:51:0E:0F:27:85:86:63:98:09:63:88:91:67:0A:01:DC:33:5A:53:16:A6"}}},"request":{"raw":"GET /watch.1266780481051.js?key=9bc8b6a0f162da8d7a0d1e3abeaaf9d3\u0026kw=%5B%22official1auraa%22%2C%22archives%22%2C%22-%22%2C%22kedai%22%2C%22bokep%22%5D\u0026refer=https%3A%2F%2Fkedaibokep.com%2Ftag%2Fofficial1auraa%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1 HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://kedaibokep.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:48 GMT\r\nContent-Type: text/html\r\nContent-Length: 0\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: 
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://kedaibokep.com\r\naccess-control-allow-credentials: true\r\nlocation: https://sourshaped.com/watch.1266780481051.js?dev=e\u0026key=9bc8b6a0f162da8d7a0d1e3abeaaf9d3\u0026kw=%5B%22official1auraa%22%2C%22archives%22%2C%22-%22%2C%22kedai%22%2C%22bokep%22%5D\u0026pst=1763882508\u0026rb=\u0026refer=https%3A%2F%2Fkedaibokep.com%2Ftag%2Fofficial1auraa%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=663168a244228132a7eeb8b3814109fad0f4ff143bc178335fd31bf51f484693d5ddd3f9d1634ec3fc4a5b5d120e9c7ffc3b1c8aeb9d227c52fc786ea18d5d1e35a170dc58418aa538a361e88fa8c0e05580c9ac3655e76365ec85\u0026tz=0\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\r\nset-cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.jvVjWsdGIg4u5UBsRudlKDPKj9AApJEzlstIcGaR7uI; expires=Sun, 23 Nov 2025 07:21:48 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 1\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 4abdd6869991c6006d3738b8f2cf3a82\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native 
applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5039,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":703,"timings":{"blocked":315,"dns":0,"connect":94,"send":0,"wait":96,"receive":0,"ssl":190},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/uploads/2025/09/538.jpg","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.635Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/uploads/2025/09/538.jpg HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nCookie: _ga_3E31P8KF13=GS2.1.s1763882448$o1$g0$t1763882448$j60$l0$h0; _ga=GA1.1.1454402186.1763882448; dom3ic8zudi28v8lr6fgphwffqoz0j6c=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:48 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 26938\r\ncache-control: public, 
max-age=604800\r\nexpires: Sun, 30 Nov 2025 07:20:48 GMT\r\netag: \"693a-6908fce7-17b46e;;;\"\r\nlast-modified: Mon, 03 Nov 2025 19:05:11 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 0\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HlVBYLA0Ips1m4csRRopDC2k8WnHdOfQtxUu%2B2It3ZkZsi5WbipYfhLRMLqrwBfYwAXGFHLYicDM6l42UpNT4Z9VKEr%2BFuAnmykByw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee7f7b9f056a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for 
WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":26938,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 640x360, components 3","md5":"6a746e3ed3b8883eb01c9d95ce541983","sha1":"e293d67965ab21306a79e92b21500de4878d1901","sha256":"911c31d65602da2206e6622b7d3fa519fc2d42d542e46a9ac29cdf4d899d411b","sha512":"9c4725b0033ecfb04648a70e633d5344b0fd3d5b52e5fe9d0b13f602f790c88005f6de51bf73870f51a9c2766e13409e7ed7614b4f49dcdc85317997139557d4","ssdeep":"768:9kxwg+ZdXJPaO9UToV+CNc9A1dK9U5apyMxPce:9kxwv/IoVNC9OkUqN","tlshash":"9bc2e0ba7e76a5516edce0bbc80e63e0f79c0890d5f29c2e3b73052db5584e81948746","first_seen":"2025-11-23T07:21:30.162865Z","last_seen":"2025-11-23T07:21:30.162865Z","times_seen":1,"resource_available":false,"data":null}},"time_used":47,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":31,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ntv.json?key=32dafcbf6d6696c536a5accc26dd0ea3\u0026vstc=4\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\u0026custom=%7B%22d37e3bc4%22%3A%22a%22%7D\u0026rb=","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.871Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ntv.json?key=32dafcbf6d6696c536a5accc26dd0ea3\u0026vstc=4\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\u0026custom=%7B%22d37e3bc4%22%3A%22a%22%7D\u0026rb= HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://kedaibokep.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: application/json\r\nContent-Length: 12448\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: 
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://kedaibokep.com\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; expires=Sun, 30 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\npdhtkv49=true; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\nuncs49=1; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\nu_pl27881591=1; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 16\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 194f150d8182a58b7db2516f089bb07e\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs 
browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16279,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"813917b504582b658fb51872c6e021e0","sha1":"d4cce37fefe18c4558e7d564909193b292a94c83","sha256":"3ee7044d67a6008c3b9ba69dc1b2b11101da6b806261de5eafaf9ef3b96914fd","sha512":"c37e366da5ce0751cd1d5e2d440eea2695fbadc136822d89352c0ede6b6b44763d393d33ac821451103a93bbf0b3c37fa54cc889c9f119672c1f7f82d46896e0","ssdeep":"384:rsT1UE5DNUbVN6mlDjtJ269NBd4US1YfvjincW3XEtizw:rC1UWDybVN6mlHn265do1sUcK8","tlshash":"d972bfa2c21418ce286cff18b48b4d9d6d16961f7a89bec1975cb1ff0c21493ea2e845","first_seen":"2025-11-23T07:21:30.164327Z","last_seen":"2025-11-23T07:21:30.164327Z","times_seen":1,"resource_available":false,"data":null}},"time_used":942,"timings":{"blocked":364,"dns":94,"connect":92,"send":0,"wait":110,"receive":92,"ssl":187},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.show-creative1.com/sb/interstitial/utility/robot/3/index.html","fqdn":"cdn.show-creative1.com","domain":"show-creative1.com","tld":"com"},"ip":{"addr":"104.21.15.229","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.489Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"show-creative1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 07 Oct 2025 19:32:14 GMT","end":"Mon, 05 Jan 2026 20:30:46 GMT"},"fingerprint":{"sha1":"02:4D:4C:CB:35:45:05:40:6A:81:62:94:06:BD:74:E7:1B:85:B3:88","sha256":"A9:CB:1B:A1:E6:6B:1A:38:34:FA:32:44:4D:30:70:4C:4A:47:12:A4:D1:32:A5:2D:BD:A7:0C:EA:39:FF:C8:D9"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/index.html HTTP/1.1\r\nHost: cdn.show-creative1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://kedaibokep.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:49 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:55:55 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: 
accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=89pdcSrZ1DqDcpaOPku3S2Je8RufV4k5gMDYq6LlK946O8lBOrGlOhfZVvAMIQYfduFnTVkUzjTcAxDArk0lKt4egZ7d0JPj026KS%2F0CFj2aIKmq\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9a2ee7fd8fbe5687-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":1524,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII 
text","md5":"9dc0a25dabbe4de856fe02152e69ab75","sha1":"d8a184a181424a51a758b262927e6c0aba7b2b15","sha256":"8c71a26417b0ad5884462cf96135d8aaf1012b9ead37bdf5b505e51dcfd3d173","sha512":"c28042db79a340dea9f66b3c4ed465fa38ea7b152549cd518ee00415109f70eb28602dee1fd4ca9b8ce4810354fe7fc7bfa1ec271cb8cfbe59c2efc58a0de182","ssdeep":"","tlshash":"a231495529fccb26118361e63f702f7ba984e943895b8440b2bd4a908be7ec5cd5720b","first_seen":"2025-09-21T13:47:45.272345Z","last_seen":"2026-06-02T13:53:14.553795Z","times_seen":1772,"resource_available":false,"data":null}},"time_used":208,"timings":{"blocked":37,"dns":21,"connect":2,"send":0,"wait":126,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fjs%2Fscript.js\u0026l=8051\u0026fd=514","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:50.441Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET 
/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fjs%2Fscript.js\u0026l=8051\u0026fd=514 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.lgpn5CWqMIQOnAcJWQj2BoFLhkbKonZlINzdYlOyigo; uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=2; pdhtkv27=true; uncs27=1; u_pl27881585=1; pdhtkv23=true; uncs23=1; u_pl27881589=1; pdhtkv29=true; uncs29=1; u_pl27881590=1; slec89d6f1c80b1e0bbfc99e7ec523be338e=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:50 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web 
servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":92,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":92,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 
Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"weirdopt.com/ad/advertisers.js","fqdn":"weirdopt.com","domain":"weirdopt.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.677Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"weirdopt.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 01:14:37 GMT","end":"Wed, 28 Jan 2026 01:14:36 GMT"},"fingerprint":{"sha1":"5A:67:AA:88:D5:BE:C4:00:42:86:CC:4E:FC:E7:73:FE:CB:85:71:60","sha256":"F5:6C:A4:39:AC:04:F6:11:7E:DB:94:93:4C:93:FC:EC:A2:B4:4E:A4:FE:19:8E:22:C0:D8:D4:84:67:37:70:C0"}}},"request":{"raw":"GET /ad/advertisers.js HTTP/1.1\r\nHost: weirdopt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:48 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 0\r\nConnection: 
keep-alive\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 7e2039913c62099b47f9c4a610416ea6\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":133,"timings":{"blocked":44,"dns":2,"connect":21,"send":0,"wait":19,"receive":0,"ssl":38},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RSv28cRRidNRZFUvAjCNoVoiAIX_bXrW9JAZgQiAhJ5ASlQClmZ2ad4fZ2lpn94bgKRIoiCmQkCqBh750TkxBFUFAmss5pUCRQtkC4iBv4BxASNVrnJMNXvO_79m3x3pvv6rjcJT5KunPmfbUm05Qe6fcc--XzMuOqNvapc7br9Jyj9nmZhcFRe7UDXb3m-kHPOWy_I9hQHfEc13Fcx7WPSy0StXpkj4XMb0duL3J6gddz-wFW9f93U1ow1AKvdsmzkLx96o_kQ0g2RTb64Zgww0Llr749KlNaKI2Kb36QDTNVZxjtj4m2kGSbs7-hTEvIV3NQ2ebMAVS10TlALFsy9_wjxNnmTCbi6vpjpXEKkSHmB1FXU4h0CkmnYOoKJH9IAMZx6jSy0Y1TStf00mOWdmxL5v_5G7Juyfyj55CN7iylctU-q9KykCozWE0ayNUp5MoUebmNYs2CrLfBik8h-S_EeeEgstGtd1Ulh3Yl9BCS77zk-Q53-06yEAWRsxBQny7Egg4WBm4iPDfyI2_g7QUlkymomUNpLJTSQplYKHMLI75jB84gYC71wyTibNEJaBBwETvRwHMcGrFFlKxzsI4iXwdL18H0ZeT6k--4vyj8mAVjiqH8oiXkqg9dbsFcbGC4BVMQVLxBLQhqQ1BTgloS1AVBXTXXeWo809zgqSljd9a9WfebiSpWxvS6KlZERkD1OjRvNmT-sbkCVjwxWUsMn6gOaFw0ExrzZpzvkme6sK2beY2h2LF9j9OExUnIwzAKWd8PaZ8yxryQc0dQH0Y2kGYO1FhYky1ZXnwDuWzJ4c-3ENNtmHQbTD4NWrqgdQN6scFadmc
oOJWxGoq8x9QIXDXIi3kUl6xxuksOTZbPLW3tvfqF3-9DsAdkVmC6Qa4bfCTvE6yk1ybLqiYby6o25MfTeSFHco12F3G2oIV48tZ74lKtND9xzKzffJN1RDfePidMcZJmXGYrhny_JDkX-rjSTJC7J8x5EZ8pzcWlUmdlfvLMW8dPjHItjJEqm4LKlhz46zMw2ZJD977du_b-K3-C5Zdh8n2dRhHEuYVUEqRi_zuNG5j_7PH-PDbXsKLnQYsryEYNKt2gShvQdB2mPDApcv3g9Z-_7uobxOn8JE71_Eac6vTLvZw6uNvBvZZc-O1XGLlj973YDweDUCQhT3zuez6P-o6IAhqFQRT0UZhWvvjTw38DAAD__xPqh9CfBAAA","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.528Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET 
/ren.gif?sid=H4sIAAAAAAAC_1RSv28cRRidNRZFUvAjCNoVoiAIX_bXrW9JAZgQiAhJ5ASlQClmZ2ad4fZ2lpn94bgKRIoiCmQkCqBh750TkxBFUFAmss5pUCRQtkC4iBv4BxASNVrnJMNXvO_79m3x3pvv6rjcJT5KunPmfbUm05Qe6fcc--XzMuOqNvapc7br9Jyj9nmZhcFRe7UDXb3m-kHPOWy_I9hQHfEc13Fcx7WPSy0StXpkj4XMb0duL3J6gddz-wFW9f93U1ow1AKvdsmzkLx96o_kQ0g2RTb64Zgww0Llr749KlNaKI2Kb36QDTNVZxjtj4m2kGSbs7-hTEvIV3NQ2ebMAVS10TlALFsy9_wjxNnmTCbi6vpjpXEKkSHmB1FXU4h0CkmnYOoKJH9IAMZx6jSy0Y1TStf00mOWdmxL5v_5G7Juyfyj55CN7iylctU-q9KykCozWE0ayNUp5MoUebmNYs2CrLfBik8h-S_EeeEgstGtd1Ulh3Yl9BCS77zk-Q53-06yEAWRsxBQny7Egg4WBm4iPDfyI2_g7QUlkymomUNpLJTSQplYKHMLI75jB84gYC71wyTibNEJaBBwETvRwHMcGrFFlKxzsI4iXwdL18H0ZeT6k--4vyj8mAVjiqH8oiXkqg9dbsFcbGC4BVMQVLxBLQhqQ1BTgloS1AVBXTXXeWo809zgqSljd9a9WfebiSpWxvS6KlZERkD1OjRvNmT-sbkCVjwxWUsMn6gOaFw0ExrzZpzvkme6sK2beY2h2LF9j9OExUnIwzAKWd8PaZ8yxryQc0dQH0Y2kGYO1FhYky1ZXnwDuWzJ4c-3ENNtmHQbTD4NWrqgdQN6scFadmcoOJWxGoq8x9QIXDXIi3kUl6xxuksOTZbPLW3tvfqF3-9DsAdkVmC6Qa4bfCTvE6yk1ybLqiYby6o25MfTeSFHco12F3G2oIV48tZ74lKtND9xzKzffJN1RDfePidMcZJmXGYrhny_JDkX-rjSTJC7J8x5EZ8pzcWlUmdlfvLMW8dPjHItjJEqm4LKlhz46zMw2ZJD977du_b-K3-C5Zdh8n2dRhHEuYVUEqRi_zuNG5j_7PH-PDbXsKLnQYsryEYNKt2gShvQdB2mPDApcv3g9Z-_7uobxOn8JE71_Eac6vTLvZw6uNvBvZZc-O1XGLlj973YDweDUCQhT3zuez6P-o6IAhqFQRT0UZhWvvjTw38DAAD__xPqh9CfBAAA HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: 
image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\nvary: Origin\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 4\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: e1f6a6b7443bf8bf75914ff7b2bab179\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":433,"timings":{"blocked":328,"dns":0,"connect":0,"send":0,"wait":105,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ntv.json?key=32dafcbf6d6696c536a5accc26dd0ea3\u0026vstc=4\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\u0026custom=%7B%22d37e3bc4%22%3A%22a%22%7D\u0026rb=","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.920Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ntv.json?key=32dafcbf6d6696c536a5accc26dd0ea3\u0026vstc=4\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\u0026custom=%7B%22d37e3bc4%22%3A%22a%22%7D\u0026rb= HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://kedaibokep.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: application/json\r\nContent-Length: 12444\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: 
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://kedaibokep.com\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; expires=Sun, 30 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\npdhtkv49=true; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\nuncs49=1; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\nu_pl27881591=1; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 18\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: b82aa7f24be1578579db1600ef815660\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs 
browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16277,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"3076e651709f09032c3a11db06d82d90","sha1":"846e07719a1724ace5f35feccd603784f5e84495","sha256":"1a6e7fd9a0f269cdcb3e65751755a706a798ae60bc62d096ad7540095c417ca6","sha512":"a25ea1cd611a8fd7d543131c0c0a8a0231fa179c6fa170b12955de43766ec71632add58161053dc589c091cf9051cd591f8d0ab2550685390c6da225b1f24b00","ssdeep":"384:zBDwLA/Ay1KtQ5sjNe7gaviChv/fRSpc/Lm2j9eyyoFnd:zJZ/l1K+5kNYgaviCh/5Lm2jIyyoFd","tlshash":"eb72cffa90081cdf0d0e76e440ea995dad16020fa66baf24ee0d49f8093bd57672dc63","first_seen":"2025-11-23T07:21:30.166523Z","last_seen":"2025-11-23T07:21:30.166523Z","times_seen":1,"resource_available":false,"data":null}},"time_used":299,"timings":{"blocked":185,"dns":0,"connect":0,"send":0,"wait":113,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/18/a9/3a/18a93a23640bef9e9db0605254fda42d/1756661839.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.339Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/18/a9/3a/18a93a23640bef9e9db0605254fda42d/1756661839.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 72107\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 31 Aug 2025 17:37:19 GMT\r\netag: 
\"68b4884f-119ab\"\r\nexpires: Tue, 25 Nov 2025 07:20:49 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":72107,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:30 15:11:41], progressive, precision 8, 320x240, components 3","md5":"d93418e60c08a4971076f1eeb64310a2","sha1":"6bd2c394ee81cda9c8178ad29dcc625434de82e2","sha256":"a05bb96b04f8e69521e9a34c26f9e6e56303a5cfda91bb6af42d0c07dd8a0d65","sha512":"ef95fc1bf232f9c7471931ce073aa2749a8979d63d8a9d05c8685d135e7b1e9b12d4e29225b11ab1a302b4a2243ce5d8a745e45dd1a24f66b0c48bce6ab48bf1","ssdeep":"1536:QLZxtWoLZxtWzKw/QcYLEJMbqp3uZXCNnvoqFoTTiALH6Jm2cEG:QVBVpw/Xufbq1uZXCQTTRLHvbEG","tlshash":"9563f13e6b49af33f4c757b468f8dbd1e3014ed85a7310a5798c29923b31692cb4d582","first_seen":"2025-09-02T18:27:26.477089Z","last_seen":"2026-05-24T21:20:22.523215Z","times_seen":1389,"resource_available":false,"data":null}},"time_used":487,"timings":{"blocked":334,"dns":0,"connect":0,"send":0,"wait":88,"receive":65,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RTz4scRRSuGRcPycEfEb024sGIO-lf0zttDuoao8GYhE0kBxGprqreLaenq63qH5s9qcEQPMgIHtSLPd9MdpMYgh48aSROvEhAyJzcQxbEv0AEz9KTgdV3-N5739eH975-dWlU7BEPBd0986bakklCj3Q7tvXseZlyVRnr1DnLsTv2Ueu8TAP_qLXZgC5
fcDy_Yx-2XhOsr464tmPbju1Yx6UWsdo8Mlchsxuh0wntju92nK6PTf3_3hRtGNoGL_fI45B89sif8duQbIp08O0xYfq5yp5_dVAkNFcaJd95K-2nqkox2C9j3UKc7iy-hjIzQr5oQ6U7iw2gykmzASI5I-0n7yNKdxZjIiqvPJg0SiBSRPwgqnIKkUwh6RRMXYTk9wjAOE6dRjrYPqV0RS88UGmjzsjSP39DVjOydP8JpIObq4nctM6qpMilSg024xpycwq5PkVWTJFvtSCrO2D5R5D8N2I_dRDp4PrrqpR9qxS6D8l3n3E9mztdO14O_dBe9qlHlyNBe8s9JxauE3qh23PnRsl4CmraKEwLhWyhiFsoshYGfNfy7Z7PHOoFccjZiu1T3-cissOea9s0ZCsoWLPBEHk2BEuGYPrj7Yxv5P1ykutCTIqUmZFz9QHlh3NyuyH9cOTcKN7NEnel13O6oTNykOkPr3JvRXgR80cUffnZjJBLHnRxG2ajhuEtmJyg5DUqQVAZgooSVJKgygmqsr7CE-OaepsnpoicRXYX2avHKl8f0SsqXxcpAdVDaF5PZPa-uQiWPzTeig0fqwZolNdjGvF6lO2Rx5q_1LqWVeiLXctzOY1ZFAc8CMKAdb2AdiljzA04twX1YGQNadqgpoUtOSNrKy8hkzNy-NPbiOgdmOQOmHwUtHBAqxp0o8ZWerMvOJWR6ousw9QAXNXI8iXkF1qjZI8cGq-dW709P5d3fv8Zgt0liwDTNTJd4z35C8F6cnm8pioyWVOVId-dznI5kFu0OaWzOc3Fw9ffEBcqpfmJY2Z47WXWCE1545ww-UmacpmuG_LNquRc6ONKM0FunTDnRXSmMBurhU6L7OSZV46fGGRaGCNVOgWVM3Lgr0_A5Iwc-unr-TPpPvcHWPYBTLY_p1EEUdZGIgkSsc_TqIb5Tx_t1yNzGet6CTS_iHRQo9Q1yqQGTYYwxYFxnum7L_76ZRNfIUqWxlGilyZRopPPG59-mJvVwI8N3IKRu1bXjbyg1wtEHPDY457r8bBri9CnYeCHfhe5mcmnv7_3bwAAAP__uZ7j8NgEAAA=","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.463Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 
GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RTz4scRRSuGRcPycEfEb024sGIO-lf0zttDuoao8GYhE0kBxGprqreLaenq63qH5s9qcEQPMgIHtSLPd9MdpMYgh48aSROvEhAyJzcQxbEv0AEz9KTgdV3-N5739eH975-dWlU7BEPBd0986bakklCj3Q7tvXseZlyVRnr1DnLsTv2Ueu8TAP_qLXZgC5fcDy_Yx-2XhOsr464tmPbju1Yx6UWsdo8Mlchsxuh0wntju92nK6PTf3_3hRtGNoGL_fI45B89sif8duQbIp08O0xYfq5yp5_dVAkNFcaJd95K-2nqkox2C9j3UKc7iy-hjIzQr5oQ6U7iw2gykmzASI5I-0n7yNKdxZjIiqvPJg0SiBSRPwgqnIKkUwh6RRMXYTk9wjAOE6dRjrYPqV0RS88UGmjzsjSP39DVjOydP8JpIObq4nctM6qpMilSg024xpycwq5PkVWTJFvtSCrO2D5R5D8N2I_dRDp4PrrqpR9qxS6D8l3n3E9mztdO14O_dBe9qlHlyNBe8s9JxauE3qh23PnRsl4CmraKEwLhWyhiFsoshYGfNfy7Z7PHOoFccjZiu1T3-cissOea9s0ZCsoWLPBEHk2BEuGYPrj7Yxv5P1ykutCTIqUmZFz9QHlh3NyuyH9cOTcKN7NEnel13O6oTNykOkPr3JvRXgR80cUffnZjJBLHnRxG2ajhuEtmJyg5DUqQVAZgooSVJKgygmqsr7CE-OaepsnpoicRXYX2avHKl8f0SsqXxcpAdVDaF5PZPa-uQiWPzTeig0fqwZolNdjGvF6lO2Rx5q_1LqWVeiLXctzOY1ZFAc8CMKAdb2AdiljzA04twX1YGQNadqgpoUtOSNrKy8hkzNy-NPbiOgdmOQOmHwUtHBAqxp0o8ZWerMvOJWR6ousw9QAXNXI8iXkF1qjZI8cGq-dW709P5d3fv8Zgt0liwDTNTJd4z35C8F6cnm8pioyWVOVId-dznI5kFu0OaWzOc3Fw9ffEBcqpfmJY2Z47WXWCE1545ww-UmacpmuG_LNquRc6ONKM0FunTDnRXSmMBurhU6L7OSZV46fGGRaGCNVOgWVM3Lgr0_A5Iwc-unr-TPpPvcHWPYBTLY_p1EEUdZGIgkSsc_TqIb5Tx_t1yNzGet6CTS_iHRQo9Q1yqQGTYYwxYFxnum7L_76ZRNfIUqWxlGilyZRopPPG59-mJvVwI8N3IKRu1bXjbyg1wtEHPDY457r8bBri9CnYeCHfhe5mcmnv7_3bwAAAP__uZ7j8NgEAAA= HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=2; pdhtkv49=true; uncs49=2; u_pl27881591=1\r\nSec-Fetch-Dest: 
image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 4a2f3421ff7f409ea72058969d4ddbad\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":229,"timings":{"blocked":134,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RSv28cRRidNSeKpOBHELQrRJFI-LK_bn1LCsCEQERIIicoBUoxOzPrDLe3s8zsD8dVIFIUUSAjUQAN63dOTEIUQUGFiMKZBkUCZQuEi7jhD0AIiRqtfZLhK973ffu2eO_Nd2293CE-Srp99m21KtOUHh30HfvwBZlxVRv79HnbdfrOMfuCzMLgmL3Sga5ecv2g7xyx3xBspI56jus4ruPaJ6QWiVo5ustC5ncitx85_cDru4MAK_r_uyktGGqBVzvkaUjePvFH8i4kmyIbf3NcmFGh8hdfH5cpLZRGxTffyUaZqjOM98dEW0iyzdnfUKYl5LM5qGxz5gCq2ugcIJYtmXv2EeJscyYTcXVjT2mcQmSI-UHU1RQinULSKZi6CskfEoBxnD6DbHzztNI1vbzH0o5tSe-fvyHrlvQePYNsfHcxlSv2OZWWhVSZwUrSQK5MIZenyMstFKsWZL0FVnwIyX8hznMHkY1vv6kqObIroUeQfPsFz3e4O3CS-SiInPmA-nQ-FnQ4P3QT4bmRH3lDbzcomUxBzRxKY6GUFsrEQplbGPNtO3CGAXOpHyYRZwtOQIOAi9iJhp7j0IgtoGSdgzUU-RpYugamryDXH3zF_QXhxyxYpxjJT1pCrvnQ5X2YSw0Mt2AKgoo3qAVBbQhqSlBLgrogqKvmBk-NZ5qbPDVl7M66N-t-M1HF8jq9oYplkRFQvQbNmw2Zv2-ughWPTVYTwyeqAxoXzYTGvFnPd8hTXdjWrbzGSGzbvsdpwuIk5GEYhWzgh3RAGWNeyLkjqA8jG0gzB2osrMqWLC28gly25MjH9xHTLZh0C0w-CVq6oHUDeqnBanZ3JDiVsRqJvM_UGFw1yIseisvWerpDDk2Wzi_e3331i7_9CsEekFmB6Qa5bvCe_IlgOb0-WVI12VhStSHfnskLOZartLuIcwUtxOO33xKXa6X5yeNm7darrCO68c55YYpTNOMyWzbk60XJudAnlGaC_HDSXBDx2dJcWix1Vuanzr524uQ418IYqbIpqGzJgb8-ApMtOXTvy91rHxz-Eyy_ApPv6zSKIM57SCVBKva_07iB-c8e78_r5jqWdQ-0uIps3KDSDaq0AU3XYMoDkyLXD17--fOuvkCc9iZxqnsbcarTT1ty8fd7HfzYwfd7sRm5bQ-82A-Hw1AkIU987ns-jwaOiAIahUEUDFCYVj7_3cN_AwAA__88HPZmnwQAAA==","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.497Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSv28cRRidNSeKpOBHELQrRJFI-LK_bn1LCsCEQERIIicoBUoxOzPrDLe3s8zsD8dVIFIUUSAjUQAN63dOTEIUQUGFiMKZBkUCZQuEi7jhD0AIiRqtfZLhK973ffu2eO_Nd2293CE-Srp99m21KtOUHh30HfvwBZlxVRv79HnbdfrOMfuCzMLgmL3Sga5ecv2g7xyx3xBspI56jus4ruPaJ6QWiVo5ustC5ncitx85_cDru4MAK_r_uyktGGqBVzvkaUjePvFH8i4kmyIbf3NcmFGh8hdfH5cpLZRGxTffyUaZqjOM98dEW0iyzdnfUKYl5LM5qGxz5gCq2ugcIJYtmXv2EeJscyYTcXVjT2mcQmSI-UHU1RQinULSKZi6CskfEoBxnD6DbHzztNI1vbzH0o5tSe-fvyHrlvQePYNsfHcxlSv2OZWWhVSZwUrSQK5MIZenyMstFKsWZL0FVnwIyX8hznMHkY1vv6kqObIroUeQfPsFz3e4O3CS-SiInPmA-nQ-FnQ4P3QT4bmRH3lDbzcomUxBzRxKY6GUFsrEQplbGPNtO3CGAXOpHyYRZwtOQIOAi9iJhp7j0IgtoGSdgzUU-RpYugamryDXH3zF_QXhxyxYpxjJT1pCrvnQ5X2YSw0Mt2AKgoo3qAVBbQhqSlBLgrogqKvmBk-NZ5qbPDVl7M66N-t-M1HF8jq9oYplkRFQvQbNmw2Zv2-ughWPTVYTwyeqAxoXzYTGvFnPd8hTXdjWrbzGSGzbvsdpwuIk5GEYhWzgh3RAGWNeyLkjqA8jG0gzB2osrMqWLC28gly25MjH9xHTLZh0C0w-CVq6oHUDeqnBanZ3JDiVsRqJvM_UGFw1yIseisvWerpDDk2Wzi_e3331i7_9CsEekFmB6Qa5bvCe_IlgOb0-WVI12VhStSHfnskLOZartLuIcwUtxOO33xKXa6X5yeNm7darrCO68c55YYpTNOMyWzbk60XJudAnlGaC_HDSXBDx2dJcWix1Vuanzr524uQ418IYqbIpqGzJgb8-ApMtOXTvy91rHxz-Eyy_ApPv6zSKIM57SCVBKva_07iB-c8e78_r5jqWdQ-0uIps3KDSDaq0AU3XYMoDkyLXD17--fOuvkCc9iZxqns
bcarTT1ty8fd7HfzYwfd7sRm5bQ-82A-Hw1AkIU987ns-jwaOiAIahUEUDFCYVj7_3cN_AwAA__88HPZmnwQAAA== HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: de7984b481ffac8cbd8546e6ba6988ef\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":292,"timings":{"blocked":196,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"216.58.207.227","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:50.696Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:57 GMT","end":"Mon, 19 Jan 2026 08:34:56 GMT"},"fingerprint":{"sha1":"A9:72:6E:D8:AB:26:CE:26:35:A4:39:55:24:08:04:0F:24:56:E8:8C","sha256":"65:84:7B:FE:24:02:CE:3E:DB:6E:1C:6B:B8:FC:99:F5:A5:65:83:F1:66:75:ED:20:20:63:06:ED:27:8A:82:FE"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: 
application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://kedaibokep.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 18 Nov 2025 19:22:36 GMT\r\nexpires: Wed, 18 Nov 2026 19:22:36 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nage: 388694\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 
1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-06-10T02:15:04.407748Z","times_seen":875654,"resource_available":false,"data":null}},"time_used":228,"timings":{"blocked":108,"dns":1,"connect":10,"send":0,"wait":8,"receive":4,"ssl":93},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/themes/retrotube/assets/js/jquery.bxslider.min.js?ver=4.2.15","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:47.724Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/themes/retrotube/assets/js/jquery.bxslider.min.js?ver=4.2.15 HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: 
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:47 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 6023\r\netag: \"5ebc-69164b1f-182a76;br\"\r\nlast-modified: Thu, 13 Nov 2025 21:18:23 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=MXi%2B3ATrk2LTMituoMNJ3lSvn2KIpKrHfuf%2F9N5Q%2FqljdnWQ0S58XwZx7Aju3nn8aJgb7czmULKj1bkX%2BH3tSfoacidBfkC740yEhA%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee7f22ddd56a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress 
plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":24252,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (24063)","md5":"c675495748ef0df6858b93dd9e623c46","sha1":"e1be723e4e25d37282821c50b7e12796d3df5f8d","sha256":"9a32744fa4707d6ea1ad2b696c644c4f45d327509989b4625b8a980e4a45e271","sha512":"1775ad0e5bc7d3cc9ebdd032b94e440a0872f616f983ff867511984daba748ed52e1de5c67f0e4648947bef65b499b3a6197ff7726cf1f481b7d4253b6711127","ssdeep":"384:nudkTa6bYaGQZKbZi1X5U59g+rzyPSS1SMVu8r2WiWQK7XYANWck6QDhC2k+0CMu:uv9gPSSbs8PwhCK0CMl+ArJwz","tlshash":"e6b2b609b13939be05f632baf25ecb0550f6448d9827f0f4a8b5c94ddad88d4102fbe6","first_seen":"2023-03-07T01:15:16Z","last_seen":"2026-06-10T00:06:15.485092Z","times_seen":4188,"resource_available":true,"data":null}},"time_used":110,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":110,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/uploads/2025/09/634.jpg","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.658Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/uploads/2025/09/634.jpg HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nCookie: _ga_3E31P8KF13=GS2.1.s1763882448$o1$g0$t1763882448$j60$l0$h0; _ga=GA1.1.1454402186.1763882448; dom3ic8zudi28v8lr6fgphwffqoz0j6c=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:48 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 
36852\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 30 Nov 2025 07:20:48 GMT\r\netag: \"8ff4-6908fce6-17aa18;;;\"\r\nlast-modified: Mon, 03 Nov 2025 19:05:10 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FuO9Rzjc2CAwW3CsWlxpuIVdGwueLrKpTsNdgHJZsHWsFh%2Ftx3HFa5%2B9SFdxilaHgU7oz7zPU6BwsFPxJq%2F0cNGEm3iVlL6tXpmFvQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee7f7da1556a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for 
WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":36852,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 640x360, components 3","md5":"bf03177226f9706d4f382b76994b378b","sha1":"10029a18db5d82b808ed0744977de3e42ca899da","sha256":"d9169b9c665d513e7773c2a529232b92508499b1efa9033103bbe0d8fcd23435","sha512":"a9496d522807d76ab31a8d705d3864efe7a7bb98c91fa78bd03b07c6d845d80cd04c4df2da2bcac52fadc8aa3e8c29b9495a11247e8b0fa1414e456d358b8bae","ssdeep":"768:hlIkn2jMqY0cNy5B1niyeae/e7ksxr8K+rrcTqDruTkN5CBWwfLgLGXbR:hlIknyMYc05Xiyebm7TDUMGCwwfsLcF","tlshash":"5df2f1b03a605f6d3ce3fd378d79ac30e41aa96b2586915cc747c19a4bdc24e54dd2c2","first_seen":"2025-11-23T07:21:30.169543Z","last_seen":"2025-11-23T07:21:30.169543Z","times_seen":1,"resource_available":false,"data":null}},"time_used":67,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":37,"receive":30,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.w.org/images/core/emoji/16.0.1/svg/1f517.svg","fqdn":"s.w.org","domain":"w.org","tld":"org"},"ip":{"addr":"192.0.77.48","port":443,"asn":2635,"as":"AUTOMATTIC","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.897Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"s.w.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 19:44:42 GMT","end":"Sat, 24 Jan 2026 19:44:41 GMT"},"fingerprint":{"sha1":"FD:D4:B7:E9:AC:7B:28:11:0D:96:A9:CC:26:88:07:21:A3:BD:51:DE","sha256":"E6:36:0F:D2:9B:17:E4:A8:11:A6:86:BE:23:8C:5A:3E:36:6A:2E:39:90:F1:28:C5:6D:5F:8B:4B:3E:FF:1B:12"}}},"request":{"raw":"GET /images/core/emoji/16.0.1/svg/1f517.svg HTTP/1.1\r\nHost: s.w.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 23 Nov 2025 07:20:48 GMT\r\ncontent-type: image/svg+xml\r\nlast-modified: Tue, 27 May 2025 09:57:55 GMT\r\nvary: Accept-Encoding\r\nx-frame-options: SAMEORIGIN\r\ncontent-encoding: br\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000\r\naccess-control-allow-methods: GET, HEAD\r\naccess-control-allow-origin: *\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-nc: HIT arn 24\r\nserver-timing: a8c-cdn, dc;desc=arn, cache;desc=HIT;dur=1.0\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: 
h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":502,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"7c13aa0def6ccb6932f47dedd33f59c1","sha1":"64b8cede1c101f5355935c0ad126e0cea31ab608","sha256":"fa8717b7f702f4a53ec6b76775d90e2583470d0262499e9af5e4477069920156","sha512":"7d432f7752f6ae4af03cf65e22a67106688334ecf9e94ee998f44becda415bf6b832276e7562d98bd5b965af6f3e00d31fbefe82ca2ee0b926fe1b1e251ffc3e","ssdeep":"","tlshash":"01f050512db8b4cc68950ddd4e9964d30277423dd3578aedd6d8d82094d3dc15f0dc19","first_seen":"2023-04-06T22:22:04Z","last_seen":"2026-06-09T20:37:33.242776Z","times_seen":1040,"resource_available":false,"data":null}},"time_used":178,"timings":{"blocked":82,"dns":61,"connect":8,"send":0,"wait":8,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ntv.json?key=32dafcbf6d6696c536a5accc26dd0ea3\u0026vstc=4\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\u0026custom=%7B%22d37e3bc4%22%3A%22a%22%7D\u0026rb=","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.115Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ntv.json?key=32dafcbf6d6696c536a5accc26dd0ea3\u0026vstc=4\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\u0026custom=%7B%22d37e3bc4%22%3A%22a%22%7D\u0026rb= HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://kedaibokep.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27881591=1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: application/json\r\nContent-Length: 11812\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: 
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://kedaibokep.com\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; expires=Sun, 30 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\nuncs=2; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\nuncs49=2; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 20\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 582e9f162e734ff1b82d62d67c29e00b\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]}],"data":{"size":16890,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"1a989a38ecfaed2e8222bf35004bc2a5","sha1":"72335d37f97f2a60fae22bb4d75295d754416689","sha256":"d6b419257d2a415a97f73c4acd6fe8efa89b57ad3b4f5a004f4adc67727ff83e","sha512":"1a25d320fb4c505cdb812f01cd07d6a4cf909e5ef6ea01fd35efd36ffa6e48e0568ba436ccd16543b60e9621d3c0ddd49f59f30bff1814bf11fa2296c76f7cdf","ssdeep":"384:KWH346HpYlbZar11vzbrHDv84w0do/OE/rOCnE3qJ127:KWX46H+FZaTHzL8Z/b65G127","tlshash":"ef72aff78a4ce29f1b3875bc498f2e2d1c63814fed85ab78da6c452e1c36d75220449d","first_seen":"2025-11-23T07:21:30.171645Z","last_seen":"2025-11-23T07:21:30.171645Z","times_seen":1,"resource_available":false,"data":null}},"time_used":221,"timings":{"blocked":105,"dns":0,"connect":0,"send":0,"wait":115,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RSvW8dxReddaxfkRQ_IAjaFaIgCL_s11u_JQVgQiAiJJETlAKlmJ2ZdYa3b2eZ2Q_HVSBSFFEgI1EADfvOc2ISoggKKkRknmlQJFC2QFgobvgLEBI1WudJhlvce-6eLc45c6-Ny13io6Q7Z99SazJN6dF-z7GfuyAzrmpjnz5vu07POWZfkFkYHLNXu6arF10_6DlH7NcFG6qjnuM6juu49gmpRaJWj-6xkPmdyO1FTi_wem4_wKr-725KC4Za4NUueQKSt___I3kHkk2Rjb4-LsywUPkLr43KlBZKo-Kbb2fDTNUZRvsw0RaSbHP2N5RpCfl0DirbnDmAqjY6B4hlS-aeeog425zJRFzdeKQ0TiEyxPwQ6moKkU4h6RRMXYXkDwjAOE6fQTa6eVrpml5-xNKObcn8339B1i2Zf_gkstHdpVSu2udUWhZSZQarSQO5OoVcmSIvt1GsWZD1NljxAST_mThPH0I2uv2GquTQroQeQvKdZz3f4W7fSRaiIHIWAurThVjQwcLATYTnRn7kDby9oGQyBTVzKI2FUlooEwtlbmHEd-zAGQTMpX6YRJwtOgENAi5iJxp4jkMjtoiSdQ7WUeTrYOk6mL6CXL__JfcXhR-zYEwxlB-3hFzzocstmEsNDLdgCoKKN6gFQW0IakpQS4K6IKir5gZPjWeamzw1ZezOpjebfjNRxcqY3lDFisgIqF6H5s2GzN8zV8GKA5O1xPCJ6hqNi2ZCY96M813yeBe2dSuvMRQ7tu9xmrA4CXkYRiHr-yHtU8aYF3LuCOrDyAbSzIEaC2uyJcuLLyOXLTny0RZiug2TboPJx0BLF7RuQC81WMvuDgWnMlZDkfeYGoGrBnkxj-KyNU53yeHJ8vmlrb1Xv_jbdxDsPpkVmG6Q6wbvyh8JVtLrk2VVk41lVRvyzZm8kCO5RruLOFfQQvzv9pvicq00P3ncrN96hXVEB--cF6Y4RTMusxVDvlqSnAt9QmkmyPcnzQURny3NpaVSZ2V-6uyrJ06Oci2MkSqbgsqWHPzzQzDZksP3vti79v7zv4PlV2DyfZ1GEcT5AaSSIBX732ncwPxrj_fx2FzHip4HLa4iGzWodIMqbUDTdZjy4KTI9f2Xfvqsq88Rp_OTONXzG3Gq00-6nO517Ye9xFpy8ddfYOSO3fdiPxwMQpGEPPG57_k86jsiCmgUBlHQR2Fa-cy3D_4JAAD___FnveKfBAAA","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.495Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSvW8dxReddaxfkRQ_IAjaFaIgCL_s11u_JQVgQiAiJJETlAKlmJ2ZdYa3b2eZ2Q_HVSBSFFEgI1EADfvOc2ISoggKKkRknmlQJFC2QFgobvgLEBI1WudJhlvce-6eLc45c6-Ny13io6Q7Z99SazJN6dF-z7GfuyAzrmpjnz5vu07POWZfkFkYHLNXu6arF10_6DlH7NcFG6qjnuM6juu49gmpRaJWj-6xkPmdyO1FTi_wem4_wKr-725KC4Za4NUueQKSt___I3kHkk2Rjb4-LsywUPkLr43KlBZKo-Kbb2fDTNUZRvsw0RaSbHP2N5RpCfl0DirbnDmAqjY6B4hlS-aeeog425zJRFzdeKQ0TiEyxPwQ6moKkU4h6RRMXYXkDwjAOE6fQTa6eVrpml5-xNKObcn8339B1i2Zf_gkstHdpVSu2udUWhZSZQarSQO5OoVcmSIvt1GsWZD1NljxAST_mThPH0I2uv2GquTQroQeQvKdZz3f4W7fSRaiIHIWAurThVjQwcLATYTnRn7kDby9oGQyBTVzKI2FUlooEwtlbmHEd-zAGQTMpX6YRJwtOgENAi5iJxp4jkMjtoiSdQ7WUeTrYOk6mL6CXL__JfcXhR-zYEwxlB-3hFzzocstmEsNDLdgCoKKN6gFQW0IakpQS4K6IKir5gZPjWeamzw1ZezOpjebfjNRxcqY3lDFisgIqF6H5s2GzN8zV8GKA5O1xPCJ6hqNi2ZCY96M813yeBe2dSuvMRQ7tu9xmrA4CXkYRiHr-yHtU8aYF3LuCOrDyAbSzIEaC2uyJcuLLyOXLTny0RZiug2TboPJx0BLF7RuQC81WMvuDgWnMlZDkfeYGoGrBnkxj-KyNU53yeHJ8vmlrb1Xv_jbdxDsPpkVmG6Q6wbvyh8JVtLrk2VVk41lVRvyzZm8kCO5RruLOFfQQvzv9pvicq00P3ncrN96hXVEB--cF6Y4RTMusxVDvlqSnAt9QmkmyPcnzQURny3NpaVSZ2V-6uyrJ06Oci2MkSqbgsqWHPzzQzDZksP3vti79v7zv4PlV2DyfZ1GEcT5AaSSIBX732ncwPxrj_fx2FzHip4HLa4iGzWodIMqbUDTdZjy4KTI9f2Xfvqsq88Rp_OTONX
zG3Gq00-6nO517Ye9xFpy8ddfYOSO3fdiPxwMQpGEPPG57_k86jsiCmgUBlHQR2Fa-cy3D_4JAAD___FnveKfBAAA HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\nvary: Origin\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 0c318942c43253f0b652b6a2d6139798\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":266,"timings":{"blocked":168,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.highperformanceformat.com/6b59e6699e45dd3d2d19a55f904013ec/invoke.js","fqdn":"www.highperformanceformat.com","domain":"highperformanceformat.com","tld":"com"},"ip":{"addr":"172.240.127.242","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:47.717Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"highperformanceformat.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 10 Oct 2025 22:02:13 GMT","end":"Thu, 08 Jan 2026 22:02:12 GMT"},"fingerprint":{"sha1":"77:A0:FB:EB:5C:7E:49:7D:87:94:CB:C5:AB:72:11:AE:6F:98:F7:81","sha256":"A3:92:D0:6C:23:66:83:18:50:AC:6C:E2:27:1F:6A:82:CE:FC:2B:6B:7E:B7:B3:EA:B9:6A:56:B2:EC:04:AF:40"}}},"request":{"raw":"GET /6b59e6699e45dd3d2d19a55f904013ec/invoke.js HTTP/1.1\r\nHost: www.highperformanceformat.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:48 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 18554\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: www.highperformanceformat.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 84dfba7775ba0130ab308f91fe1ccaad\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":46550,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (46550), with no line terminators","md5":"08d73b863c0f6b24ffcb99b099be1995","sha1":"999f2e16d29d8ff19ee861d6a8c9741d2788eca6","sha256":"37db87ad62124160158a0f0d65d810b462bfb8043af82fda1aca8031d175ad9a","sha512":"1fc50a8af73be0bbec8574802c944a27389c6fe348f822c61ca96c35a8b9df7d7c2170d5411108db7a40fd17e0cd76f8a62dab0cafca5275d251d951074598fd","ssdeep":"768:+t9VtXvZi5DpYscQ7V1UQeUMa1Y/D56JCZ/Xdt:c9VtXvZYD6s/7V1Pela1Y/oJCZPdt","tlshash":"e723e8ca3f91f09d83da317722af500bf85e4c966188d444e543b4b4effa36ae536a14","first_seen":"2025-11-23T07:21:30.17311Z","last_seen":"2025-11-23T07:21:30.17311Z","times_seen":1,"resource_available":true,"data":null}},"time_used":768,"timings":{"blocked":283,"dns":10,"connect":91,"send":0,"wait":95,"receive":92,"ssl":191},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/uploads/2025/11/1367.jpg","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.529Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/1367.jpg HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nCookie: _ga_3E31P8KF13=GS2.1.s1763882448$o1$g0$t1763882448$j60$l0$h0; _ga=GA1.1.1454402186.1763882448; dom3ic8zudi28v8lr6fgphwffqoz0j6c=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\r\nSec-Fetch-Dest: 
image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/f9/ad/1e/f9ad1e8c84bbfd29025a219de7a6e2e4/1756661889.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.290Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/f9/ad/1e/f9ad1e8c84bbfd29025a219de7a6e2e4/1756661889.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 72616\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 31 Aug 2025 17:38:09 GMT\r\netag: \"68b48881-11ba8\"\r\nexpires: Tue, 25 Nov 2025 07:20:49 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail 
proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":72616,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:30 15:17:17], progressive, precision 8, 320x240, components 3","md5":"dc08b03725a02eb4bcce51a4c8bc3523","sha1":"833cebbe8351d267c41889bcae2a7060b73b2c47","sha256":"a6c47a6cd72ed353ef5b8b14eb91639b5a085c266b40021527d71874e77b7e3e","sha512":"ec649f021b9ccfd939c655659521cb3cee79713d91430c67933d5ad7e93c5f8fc9e9f50d323c4278bed3fa16a574d53ba0c55c44fe82da3344eb1f8771a74c5e","ssdeep":"1536:MAji72b6OQTAji72b6O5t6kf0k0RO6inwyxPkOdxGIw2:ri72bti72bN6kb0Q6inweckpw2","tlshash":"b663f139f3d2ef22e7f863784c51c6a3f102af4897932790bc2c65691b712a24c6d249","first_seen":"2025-09-02T19:18:23.955875Z","last_seen":"2026-05-25T10:53:19.655424Z","times_seen":1380,"resource_available":false,"data":null}},"time_used":971,"timings":{"blocked":419,"dns":1,"connect":19,"send":0,"wait":70,"receive":62,"ssl":397},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/themes/retrotube/assets/js/jquery.touchSwipe.min.js?ver=1.6.18","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:47.725Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibok
ep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/themes/retrotube/assets/js/jquery.touchSwipe.min.js?ver=1.6.18 HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:47 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 4876\r\netag: \"4fce-69164b1f-182a78;br\"\r\nlast-modified: Thu, 13 Nov 2025 21:18:23 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Pooesv0kpmQYt%2B27xtkd4TXRA7A9kNXGMWrPDWW1qNDiJNw67HsWefKJJqnkW9tKjitJSS2FF6KlbqX8FiqzwziXqiRscJ4c8EFqQQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee7f22dde56a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed 
Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":20430,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines 
(20018)","md5":"4cd5ea35543390c5fc4e9def651ab721","sha1":"d360aa74dff157fcefda69336ecf420f04940f98","sha256":"9167cb37ed21405ef9556646b83789a2099c15398f5cea867470df1e81752e17","sha512":"d666a51729862abb8d23b0cca5d5ade738c08df2a23fbabb55be95f2a1fbef60255bda850cb36457e70bb2706067f9cee620169c9166f5e9f29a48af470d4fab","ssdeep":"384:lrKvSC3FheMYNzktJlro8aVfPxodAuyalYleh++PFoAS4TSPE9MfA+0UUTK7:gqC36LkJcjPxodAl8DiPE9/+0UKK7","tlshash":"da9294c5bb053d53e9ff12f64157170ba2368eed050e10289839efc629314b1a6efb69","first_seen":"2023-03-07T01:15:16Z","last_seen":"2026-06-10T00:06:15.473029Z","times_seen":5126,"resource_available":true,"data":null}},"time_used":153,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":153,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/uploads/2025/09/606.jpg","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.524Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 
GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/uploads/2025/09/606.jpg HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nCookie: _ga_3E31P8KF13=GS2.1.s1763882448$o1$g0$t1763882448$j60$l0$h0; _ga=GA1.1.1454402186.1763882448; dom3ic8zudi28v8lr6fgphwffqoz0j6c=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ntv.json?key=32dafcbf6d6696c536a5accc26dd0ea3\u0026vstc=4\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\u0026custom=%7B%22d37e3bc4%22%3A%22a%22%7D\u0026rb=","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.919Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ntv.json?key=32dafcbf6d6696c536a5accc26dd0ea3\u0026vstc=4\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\u0026custom=%7B%22d37e3bc4%22%3A%22a%22%7D\u0026rb= HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://kedaibokep.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: application/json\r\nContent-Length: 11582\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://kedaibokep.com\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; expires=Sun, 30 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\npdhtkv49=true; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\nuncs49=1; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\nu_pl27881591=1; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 21\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 02f18473c707b8d439307e7058486a87\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an 
open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16181,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"06f07cab3bbbb6492d8ed4399b48a321","sha1":"52328204dcc27b71fcb32a11f5fa69e4670e5fd3","sha256":"efefcc27c2589e84c6f134b20f8ed859c1760c3af1eb01bf504a900a591b5173","sha512":"d927beec0138d8b506d285ce7f350d40ed61ad5f2c0dbb7b50219a8509b92c37e4ea7f961d9d38a493c1888cc435e72bc25647c9e4f4c357d1c6922b2e42b397","ssdeep":"384:3Ckd+y5IZGUlHs/cE2ivEv+VPWTw/KyW6:3MPIGM/cE2icviP5W6","tlshash":"fc72c0bc956d30eb0b687e69796b18430c01421fadc8bff8cb19b5ce8f2ead11745951","first_seen":"2025-11-23T07:21:30.178958Z","last_seen":"2025-11-23T07:21:30.178958Z","times_seen":1,"resource_available":false,"data":null}},"time_used":265,"timings":{"blocked":148,"dns":0,"connect":0,"send":0,"wait":116,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 
Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/59/8c/2f/598c2f373d6812e269996af23a7f78f1/1756661784.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.519Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/59/8c/2f/598c2f373d6812e269996af23a7f78f1/1756661784.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 69386\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 31 Aug 2025 17:36:25 GMT\r\netag: \"68b48819-10f0a\"\r\nexpires: Tue, 25 Nov 2025 07:20:49 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":69386,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:30 15:08:08], progressive, precision 8, 320x240, components 
3","md5":"5f7d286b0003d4c7114958bcfe2f5ddf","sha1":"49b578a264b391002192798301ff8130b3108bf8","sha256":"7f80c6088ea177b9fbfb0fd5e735477bd378811eb55f182c289cc9cb89241bb8","sha512":"91e7dc2ad002a97a2f968877a5b5b5b78eca1dc130e71670d8ca459c7a79fa0f9d4bc497d21ba8863548aec29aac61191c7bd1ae6e688e2e34ff5a0ffca6c653","ssdeep":"1536:PiE1WE1irjUPrAimkKnW0ChT00A9ctznHDqDd0:P1j1EHimTnwhTAUHDMd0","tlshash":"fe6301269b919c33e0f84d74ed54dfa37712bca8e7c34a017d6d3a16a760289ec4819f","first_seen":"2025-09-02T18:13:44.375856Z","last_seen":"2026-05-24T21:20:22.539331Z","times_seen":1386,"resource_available":false,"data":null}},"time_used":336,"timings":{"blocked":156,"dns":0,"connect":0,"send":0,"wait":88,"receive":92,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/js/script.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.994Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/js/script.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://kedaibokep.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:50 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:55:55 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LunTMtYPtc156e%2BwzB%2FNmV0GecRntlo6GVfLFjU9K%2B1WDUkEsN66ofUOBSgGvGj8bdKsz1pIYSGaqg9cgSJAFLSBHa3DmQvtUMoS6Q4b\"}]}\r\ncf-cache-status: MISS\r\netag: W/\"68b9703b-2762\"\r\ncontent-encoding: br\r\ncf-ray: 9a2ee80049e45691-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10082,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 
text","md5":"efffc36bcbcc0aaea3978474151a0122","sha1":"f9b9c23faef40025dcfe3f1dfdb158ce2855b83b","sha256":"4da2338ad196c676f6a310b1b91f8e4c3e513fa07cb3b7022ca9ecc4868db398","sha512":"52afe7b12764a6297e3cb430eca352a3d778802b79e3cbeb4a2c22b0e070496abd9bfb78823573aa1e4a0bff1f52f79dd9ab92a55341324c175c3ce811d01aeb","ssdeep":"192:iFJuLiEWiFiacrcYmen1VuOTlmGFF3bH/fA68IDeIToS:iFMLiEWiFiHn1VuexjrHnAyF","tlshash":"2222420409b9d921c45ca02f203e2666f7240a539d7abfd4bbc941045fdd96f79b823f","first_seen":"2025-09-21T13:47:45.283292Z","last_seen":"2026-06-02T13:53:14.565021Z","times_seen":1658,"resource_available":false,"data":null}},"time_used":463,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":463,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/uploads/2025/09/603.jpg","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.640Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/uploads/2025/09/603.jpg HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nCookie: _ga_3E31P8KF13=GS2.1.s1763882448$o1$g0$t1763882448$j60$l0$h0; _ga=GA1.1.1454402186.1763882448; dom3ic8zudi28v8lr6fgphwffqoz0j6c=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:48 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 
26262\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 30 Nov 2025 07:20:48 GMT\r\netag: \"6696-6908fce6-17a9ec;;;\"\r\nlast-modified: Mon, 03 Nov 2025 19:05:10 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nage: 0\r\ncf-cache-status: HIT\r\npriority: u=4,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=F0NYDYOk0sRcVZOLL1bDTEisOUdz%2BAdBBuyfW%2BoT0liKPAtjsThNPd3tT6CsyVMvstMnXI1KtExcjszyj4RBnyUzVOMeFAMEotshhQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee7f7ca0456a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web 
server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":26262,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 640x360, components 3","md5":"3cb1393ca5fd9f9e661a93d8a090afdd","sha1":"8083c4b93ced6f9d95a618bf1c57a2ac03165463","sha256":"5018545cc288ab5f21d68d50fc3a96b1343a7e3c40909b1f5b68298a2c81e887","sha512":"601024d105495e19965feca92d0db7495258c1ee5b7f32794aa9ca989902a4a2c09f5fff8cedcf1550793ab9ddfc8759f673d7ff9f87552834fe8b8b84a9def4","ssdeep":"384:FgDA/BkLId6u2l5HBK9fmY4/EwYgmynT2dP54NN8y3Fh02sUp6CPx40A7iO:mE/ByzHHkR4/Ewi22d+h02R6a82O","tlshash":"c2c2d179bc1920cb0a97f6b70ce73739a927c8234a56595ad7b76f03d4009c0cae71b6","first_seen":"2025-11-23T07:21:30.183158Z","last_seen":"2025-11-23T07:21:30.183158Z","times_seen":1,"resource_available":false,"data":null}},"time_used":46,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":31,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ntv.json?key=32dafcbf6d6696c536a5accc26dd0ea3\u0026vstc=4\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\u0026custom=%7B%22d37e3bc4%22%3A%22a%22%7D\u0026rb=","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.888Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ntv.json?key=32dafcbf6d6696c536a5accc26dd0ea3\u0026vstc=4\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\u0026custom=%7B%22d37e3bc4%22%3A%22a%22%7D\u0026rb= HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://kedaibokep.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: application/json\r\nContent-Length: 11449\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: 
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://kedaibokep.com\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; expires=Sun, 30 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\npdhtkv49=true; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\nuncs49=1; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\nu_pl27881591=1; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 18\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: a0e9f813b80bdbcb212df2375fd281b9\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail 
proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":16241,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"4c2a32e861896a924be621abba4c683f","sha1":"38184f7aeebdcec0140eec6d732ebf28595418c8","sha256":"bdf630b5564df38e166e6fc620cc117a0c802a8d37b198c5eece5179f7af490f","sha512":"d39f76187ac2c0d2dde85ad21277c16e53b22603b236008c24f456741e1a86a363f2e30e276f2a47c197107b5107681262ed1d0708a7a426293681bdbc6ec111","ssdeep":"384:xG39iwCrEOcafKREWrJG3xv7Wxu80O0IuleU:xcrC/VKREcJG3xv7Wx/0O0IuMU","tlshash":"f872cefb437d21eb2f94424cfc97089b1d80a07bd8ac6e8a5a1cd6ad1c19923261f176","first_seen":"2025-11-23T07:21:30.184491Z","last_seen":"2025-11-23T07:21:30.184491Z","times_seen":1,"resource_available":false,"data":null}},"time_used":759,"timings":{"blocked":354,"dns":0,"connect":97,"send":0,"wait":115,"receive":1,"ssl":188},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/watch.450193635586.js?dev=e\u0026key=9bc8b6a0f162da8d7a0d1e3abeaaf9d3\u0026kw=%5B%22official1auraa%22%2C%22archives%22%2C%22-%22%2C%22kedai%22%2C%22bokep%22%5D\u0026pst=1763882508\u0026rb=\u0026refer=https%3A%2F%2Fkedaibokep.com%2Ftag%2Fofficial1auraa%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=72a103dd14546e128d151d96777bc5a9978d22cefdfbe5e0c23bfc79d0a7f4dfaeb01d36c4b06f325f0de43bc695463175454244ab9cf2dd94aa7a99330a45d831df95e8f2732c8bad565e6e5588d609a0a1a9582eed1902cb80\u0026tz=0\u0026uuid=602fe8be-bb73-4470-80af-710054584f05%3A1%3A1","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.923Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 01:12:52 GMT","end":"Wed, 28 Jan 2026 01:12:51 GMT"},"fingerprint":{"sha1":"67:43:25:0A:D1:7D:95:9F:2D:A3:3F:97:74:7C:0A:AE:D2:D3:98:61","sha256":"09:09:97:4E:79:6D:B5:F4:D7:B7:F6:8F:BE:97:4E:B6:04:9C:25:29:FE:4A:0E:A2:BE:82:F0:6E:CF:8C:74:F0"}}},"request":{"raw":"GET 
/watch.450193635586.js?dev=e\u0026key=9bc8b6a0f162da8d7a0d1e3abeaaf9d3\u0026kw=%5B%22official1auraa%22%2C%22archives%22%2C%22-%22%2C%22kedai%22%2C%22bokep%22%5D\u0026pst=1763882508\u0026rb=\u0026refer=https%3A%2F%2Fkedaibokep.com%2Ftag%2Fofficial1auraa%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=72a103dd14546e128d151d96777bc5a9978d22cefdfbe5e0c23bfc79d0a7f4dfaeb01d36c4b06f325f0de43bc695463175454244ab9cf2dd94aa7a99330a45d831df95e8f2732c8bad565e6e5588d609a0a1a9582eed1902cb80\u0026tz=0\u0026uuid=602fe8be-bb73-4470-80af-710054584f05%3A1%3A1 HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://kedaibokep.com\r\nReferer: https://kedaibokep.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.jvVjWsdGIg4u5UBsRudlKDPKj9AApJEzlstIcGaR7uI\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:48 GMT\r\nContent-Type: text/html\r\nContent-Length: 3272\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://kedaibokep.com\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=602fe8be-bb73-4470-80af-710054584f05:1:1; expires=Sun, 30 Nov 2025 07:20:48 GMT; path=/; secure; 
SameSite=None\npdhtkv=true; expires=Mon, 24 Nov 2025 07:20:48 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Mon, 24 Nov 2025 07:20:48 GMT; path=/; secure; SameSite=None\npdhtkv5=true; expires=Mon, 24 Nov 2025 07:20:48 GMT; path=/; secure; SameSite=None\nuncs5=1; expires=Mon, 24 Nov 2025 07:20:48 GMT; path=/; secure; SameSite=None\nu_pl27881586=1; expires=Mon, 24 Nov 2025 07:20:48 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 30\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: bfbe12dea2a75320506bd4312704df24\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4610,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with very long lines 
(3734)","md5":"500855af99cdb43d8768e96bfbb13bad","sha1":"0f2b190eddd115eebce356ca4ac4643a211bfb54","sha256":"32bdd1eeea7328ca3f741e339411e2132e9973aa9be9d4da7c6954373dbb38b7","sha512":"ddaf30ef438eb8117e89aa302f4286450d138e6813781ed33ccfb97470e72303b4b7867be64781e974dadda965f02b52369d83e4dacf154bdd305b23a2dd4766","ssdeep":"96:ytoz3tJINBSjSssSaewKiovhhk/hFBGCB2NPLqIvxrRWw1ZDQbTCfMEDaH:tzgpdpek952NjzprRWoV2CkCaH","tlshash":"f5914a351dc1a63cec06406da56f941abd70b20a2e04ce40b85df7a60f519d95e9decc","first_seen":"2025-11-23T07:21:30.185712Z","last_seen":"2025-11-23T07:21:30.185712Z","times_seen":1,"resource_available":false,"data":null}},"time_used":123,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":123,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RSvW8dxReddaxfkRQ_IAjaFaIgCL_s11u_JQVgQiAiJJETlAKlmJ2ZdYa3b2eZ2Q_HVSBSFFEgI1EADfvOc2ISoggKOj6sZ4SEIoGyBcJFTMFfgJCo0TpPMtzi3nP3bHHOmXttXO4SHyXdOfuGWpNpSo_2e479zAWZcVUb-_R523V6zjH7gszC4Ji92jVdPe_6Qc85Yr8q2FAd9RzXcVzHtU9ILRK1enSPhczvRG4vcnqB13P7AVb1f3dTWjDUAq92yWOQvP3_H8lbkGyKbPTlcWGGhcqfe2VUprRQGhXffDMbZqrOMNqHibaQZJuzv6FMS8jHc1DZ5swBVLXROUAsWzL3xAPE2eZMJuLqxkOlcQqRIeaHUFdTiHQKSadg6iokv08AxnH6DLLRzdNK1_TyQ5Z2bEvm__4Lsm7J_IPHkY3uLqVy1T6n0rKQKjNYTRrI1SnkyhR5uY1izYKst8GK9yD5z8R58hCy0e3XVCWHdiX0EJLvPO35Dnf7TrIQBZGzEFCfLsSCDhYGbiI8N_Ijb-DtBSWTKaiZQ2kslNJCmVgocwsjvmMHziBgLvXDJOJs0QloEHARO9HAcxwasUWUrHOwjiJfB0vXwfQV5Prdz7m_KPyYBWOKofywJeSaD11uwVxqYLgFUxBUvEEtCGpDUFOCWhLUBUFdNTd4ajzT3OSpKWN3Nr3Z9JuJKlbG9IYqVkRGQPU6NG82ZP6OuQpWHJisJYZPVNdoXDQTGvNmnO-SR7uwrVt5jaHYsX2P04TFScjDMApZ3w9pnzLGvJBzR1AfRjaQZg7UWFiTLVlefBG5bMmRD7YQ022YdBtMPgJauqB1A3qpwVp2dyg4lbEairzH1AhcNciLeRSXrXG6Sw5Pls8vbe29-sXfvodg98iswHSDXDd4W_5AsJJenyyrmmwsq9qQr87khRzJNdpdxLmCFuJ_t18Xl2ul-cnjZv3WS6wjOnjnvDDFKZpxma0Y8sWS5FzoE0ozQb49aS6I-GxpLi2VOivzU2dfPnFylGthjFTZFFS25OCf74PJlhz-7rO9a-8_-ztYfgUm39dpFEGcH0AqCVKx_53GDcy_9ngfj811rOh50OIqslGDSjeo0gY0XYcpD06KXN974adPuvoUcTo_iVM9vxGnOv2oy-nHrn2zl1hLLv76C4zcsfte7IeDQSiSkCc-9z2fR31HRAGNwiAK-ihMK5_6-v4_AQAA__-92LJInwQAAA==","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.330Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSvW8dxReddaxfkRQ_IAjaFaIgCL_s11u_JQVgQiAiJJETlAKlmJ2ZdYa3b2eZ2Q_HVSBSFFEgI1EADfvOc2ISoggKOj6sZ4SEIoGyBcJFTMFfgJCo0TpPMtzi3nP3bHHOmXttXO4SHyXdOfuGWpNpSo_2e479zAWZcVUb-_R523V6zjH7gszC4Ji92jVdPe_6Qc85Yr8q2FAd9RzXcVzHtU9ILRK1enSPhczvRG4vcnqB13P7AVb1f3dTWjDUAq92yWOQvP3_H8lbkGyKbPTlcWGGhcqfe2VUprRQGhXffDMbZqrOMNqHibaQZJuzv6FMS8jHc1DZ5swBVLXROUAsWzL3xAPE2eZMJuLqxkOlcQqRIeaHUFdTiHQKSadg6iokv08AxnH6DLLRzdNK1_TyQ5Z2bEvm__4Lsm7J_IPHkY3uLqVy1T6n0rKQKjNYTRrI1SnkyhR5uY1izYKst8GK9yD5z8R58hCy0e3XVCWHdiX0EJLvPO35Dnf7TrIQBZGzEFCfLsSCDhYGbiI8N_Ijb-DtBSWTKaiZQ2kslNJCmVgocwsjvmMHziBgLvXDJOJs0QloEHARO9HAcxwasUWUrHOwjiJfB0vXwfQV5Prdz7m_KPyYBWOKofywJeSaD11uwVxqYLgFUxBUvEEtCGpDUFOCWhLUBUFdNTd4ajzT3OSpKWN3Nr3Z9JuJKlbG9IYqVkRGQPU6NG82ZP6OuQpWHJisJYZPVNdoXDQTGvNmnO-SR7uwrVt5jaHYsX2P04TFScjDMApZ3w9pnzLGvJBzR1AfRjaQZg7UWFiTLVlefBG5bMmRD7YQ022YdBtMPgJauqB1A3qpwVp2dyg4lbEairzH1AhcNciLeRSXrXG6Sw5Pls8vbe29-sXfvodg98iswHSDXDd4W_5AsJJenyyrmmwsq9qQr87khRzJNdpdxLmCFuJ_t18Xl2ul-cnjZv3WS6wjOnjnvDDFKZpxma0Y8sWS5FzoE0ozQb49aS6I-GxpLi2VOivzU2dfPnFylGthjFTZFFS25OCf74PJlhz-7rO9a-8_-ztYfgUm39dpFEGcH0AqCVKx_53GDcy_9ngfj811rOh50OIqslGDSjeo0gY0XYcpD06KXN974adPuvoUcTo_iVM
9vxGnOv2oy-nHrn2zl1hLLv76C4zcsfte7IeDQSiSkCc-9z2fR31HRAGNwiAK-ihMK5_6-v4_AQAA__-92LJInwQAAA== HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 2b4194ce9509b57543b2188e4fcfc65c\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native 
applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":232,"timings":{"blocked":132,"dns":0,"connect":0,"send":0,"wait":100,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RSvW8c1Rd945_1K5KCjyBoR4iCILyZrx3vkAIwIRARksgJSoFSvHnvjfPY2XnDe_PhuApEiiIKtEgUQMPsWScmIYqgoEECRes0KBIoUyBcxA38AwiJGo2zkuEW9547Z4pzzrtXJ-Uu8VHSnTNvqw2ZpvRIv-fYz5-XGVe1sU-ds12n5xy1z8ssDI7a613T1UuuH_Scw_Ybgg3VEc9xHcd1XPu41CJR60f2WMj8duT2IqcXeD23H2Bd_3c3pQVDLfBqlzwJydvHfk_ehWQzZKNvjgkzLFT-4uujMqWF0qj41jvZMFN1htE-TLSFJNua_w1lWkI-W4DKtuYOoKrNzgFi2ZKFpx8izrbmMhFX1x8pjVOIDDE_iLqaQaQzSDoDU1cg-QMCMI5Tp5GNbpxSuqaXHrG0Y1uy-PdfkHVLFh8-hWx0ZyWV6_ZZlZaFVJnBetJArs8g12bIy20UGxZkvQ1WfAjJfybOMweRjW69qSo5tCuhh5B85znPd7jbd5KlKIicpYD6dCkWdLA0cBPhuZEfeQNvLyiZzEDNAkpjoZQWysRCmVsY8R07cAYBc6kfJhFny05Ag4CL2IkGnuPQiC2jZJ2DMYp8DJaOwfRl5PqDr7i_LPyYBROKofykJeSqD13ehbnYwHALpiCoeINaENSGoKYEtSSoC4K6aq7z1HimucFTU8bufHrz6TdTVaxN6HVVrImMgOoxNG82Zf6-uQJW_G-6kRg-VV2jcdFMacybSb5LnujCtm7mNYZix_Y9ThMWJyEPwyhkfT-kfcoY80LOHUF9GNlAmgVQY2FDtmR1-RXksiWHP76LmG7DpNtg8nHQ0gWtG9CLDTayO0PBqYzVUOQ9pkbgqkFeLKK4ZE3SXXJounpu5e7eq1_47R4Eu0_mBaYb5LrBe_IewVp6bbqqarK5qmpDvj2dF3IkN2h3EWcLWoj_33pLXKqV5ieOmfHNV1lHdPD2OWGKkzTjMlsz5OsVybnQx5VmgvxwwpwX8ZnSXFwpdVbmJ8-8dvzEKNfCGKmyGahsyYE_PwKTLTn045d7195_4Q-w_DJMvq_TKII4t5BKglTsf6dxA_OvPd7HE3MNa3oRtLiCbNSg0g2qtAFNxzDlgWmR6_sv__R5V18gThencaoXN-NUp5_u5dSSC7_-0qHvuzaDkTt234v9cDAIRRLyxOe-5_Oo74gooFEYREEfhWnls989-CcAAP__rZmBr58EAAA=","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.505Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSvW8c1Rd945_1K5KCjyBoR4iCILyZrx3vkAIwIRARksgJSoFSvHnvjfPY2XnDe_PhuApEiiIKtEgUQMPsWScmIYqgoEECRes0KBIoUyBcxA38AwiJGo2zkuEW9547Z4pzzrtXJ-Uu8VHSnTNvqw2ZpvRIv-fYz5-XGVe1sU-ds12n5xy1z8ssDI7a613T1UuuH_Scw_Ybgg3VEc9xHcd1XPu41CJR60f2WMj8duT2IqcXeD23H2Bd_3c3pQVDLfBqlzwJydvHfk_ehWQzZKNvjgkzLFT-4uujMqWF0qj41jvZMFN1htE-TLSFJNua_w1lWkI-W4DKtuYOoKrNzgFi2ZKFpx8izrbmMhFX1x8pjVOIDDE_iLqaQaQzSDoDU1cg-QMCMI5Tp5GNbpxSuqaXHrG0Y1uy-PdfkHVLFh8-hWx0ZyWV6_ZZlZaFVJnBetJArs8g12bIy20UGxZkvQ1WfAjJfybOMweRjW69qSo5tCuhh5B85znPd7jbd5KlKIicpYD6dCkWdLA0cBPhuZEfeQNvLyiZzEDNAkpjoZQWysRCmVsY8R07cAYBc6kfJhFny05Ag4CL2IkGnuPQiC2jZJ2DMYp8DJaOwfRl5PqDr7i_LPyYBROKofykJeSqD13ehbnYwHALpiCoeINaENSGoKYEtSSoC4K6aq7z1HimucFTU8bufHrz6TdTVaxN6HVVrImMgOoxNG82Zf6-uQJW_G-6kRg-VV2jcdFMacybSb5LnujCtm7mNYZix_Y9ThMWJyEPwyhkfT-kfcoY80LOHUF9GNlAmgVQY2FDtmR1-RXksiWHP76LmG7DpNtg8nHQ0gWtG9CLDTayO0PBqYzVUOQ9pkbgqkFeLKK4ZE3SXXJounpu5e7eq1_47R4Eu0_mBaYb5LrBe_IewVp6bbqqarK5qmpDvj2dF3IkN2h3EWcLWoj_33pLXKqV5ieOmfHNV1lHdPD2OWGKkzTjMlsz5OsVybnQx5VmgvxwwpwX8ZnSXFwpdVbmJ8-8dvzEKNfCGKmyGahsyYE_PwKTLTn045d7195_4Q-w_DJMvq_TKII4t5BKglTsf6dxA_OvPd7HE3MNa3oRtLiCbNSg0g2qtAFNxzDlgWmR6_sv__R5V18gThencao
XN-NUp5_u5dSSC7_-0qHvuzaDkTt234v9cDAIRRLyxOe-5_Oo74gooFEYREEfhWnls989-CcAAP__rZmBr58EAAA= HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: dfcde43bc71757999f3055f0e5304ae1\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":346,"timings":{"blocked":230,"dns":0,"connect":0,"send":0,"wait":116,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/8c/ef/5b/8cef5b6cd280bdae3f6f105d6e4e2a6d/1756662103.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.517Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/8c/ef/5b/8cef5b6cd280bdae3f6f105d6e4e2a6d/1756662103.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: 
image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 53091\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 31 Aug 2025 17:41:43 GMT\r\netag: \"68b48957-cf63\"\r\nexpires: Tue, 25 Nov 2025 07:20:49 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":53091,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:30 15:35:05], progressive, precision 8, 320x240, components 
3","md5":"fdb07c2afc692d63cbeb795f5801a46b","sha1":"294c000fc4d8e045eb5a79dbf33eaf434aa558c0","sha256":"fd2f69bf1ca00815fbf7d5c63d2ed44e4d490a0b068e1ea00054d75eff8c4c57","sha512":"10b6855380bd8863826f64ab3f9357687ab465d11345b5530dffa0f8444ab09f8681a3b4b66b64449e9acdfc0769812dac80a1cb8506d56eec9324934a93f7f7","ssdeep":"768:SvEiGvpoSwpYyhDzX1/V6UdlEnFa0oKt0m/gRYV1g6:Do79DLKupm//V1V","tlshash":"f733c0bab7449d73dce006b899b0ead233317651a35376117cec7b04bb24dba4dad421","first_seen":"2025-09-02T19:18:23.981517Z","last_seen":"2026-06-01T01:22:45.461299Z","times_seen":1398,"resource_available":false,"data":null}},"time_used":272,"timings":{"blocked":157,"dns":0,"connect":0,"send":0,"wait":88,"receive":27,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/tag/official1auraa/","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-23T07:20:47.348Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /tag/official1auraa/ HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: 
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:47 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nlink: \u003chttps://kedaibokep.com/wp-json/\u003e; rel=\"https://api.w.org/\", \u003chttps://kedaibokep.com/wp-json/wp/v2/tags/233\u003e; rel=\"alternate\"; title=\"JSON\"; type=\"application/json\"\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\nx-litespeed-cache: hit\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=R4aJWfFpk7wwVOqR9KyZyI7HaBVshBiuoyCqWOGpo4TCyxs419M2BR20aaE9iQIU66RUYlh2%2BZQXSOcxjuFCoH3C3E0nj%2FpEZEkpv5q0\"}]}\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncontent-encoding: br\r\ncf-ray: 9a2ee7f02e38120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"MySQL","description":"MySQL is an open-source relational database management system.","website":"https://mysql.com","common_platform_enumeration":"cpe:2.3:a:mysql:mysql:*:*:*:*:*:*:*:*","icon":"MySQL.svg","categories":["Databases"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"jQuery","description":"jQuery is a JavaScript 
library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Redis Object Cache","description":"","website":"https://wprediscache.com","common_platform_enumeration":"","icon":"RedisObjectCache.svg","categories":["Caching"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"bxSlider:4.2.15","description":"Add a responsive image slider to any website.","website":"https://bxslider.com/","common_platform_enumeration":"","icon":"bxSlider.png","categories":["Photo galleries","JavaScript libraries"]},{"name":"Redis","description":"Redis is an in-memory data structure project implementing a distributed, in-memory key–value database with optional durability. 
Redis supports different kinds of abstract data structures, such as strings, lists, maps, sets, sorted sets, HyperLogLogs, bitmaps, streams, and spatial indexes.","website":"https://redis.io","common_platform_enumeration":"cpe:2.3:a:redislabs:redis:*:*:*:*:*:*:*:*","icon":"Redis.svg","categories":["Databases"]},{"name":"jQuery Migrate:3.4.1","description":"jQuery Migrate is a JavaScript library that allows you to preserve the compatibility of your jQuery code developed for versions of jQuery older than 1.9.","website":"https://github.com/jquery/jquery-migrate","common_platform_enumeration":"","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Site Kit:1.166.0","description":"Site Kit is a one-stop solution for WordPress users to use everything Google has to offer to make them successful on the web.","website":"https://sitekit.withgoogle.com/","common_platform_enumeration":"","icon":"Google.svg","categories":["Analytics","WordPress plugins"]},{"name":"Yoast SEO Premium:26.3","description":"Yoast SEO Premium is a search engine optimisation plugin for WordPress and other platforms.","website":"https://yoast.com/wordpress/plugins/seo/","common_platform_enumeration":"","icon":"Yoast SEO.png","categories":["SEO"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"WPMU DEV Smush:3.22.3","description":"WPMU DEV Smush is a WordPress plugin that allows you to optimise images without losing 
quality.","website":"https://wpmudev.com/project/wp-smush-pro","common_platform_enumeration":"","icon":"WPMU DEV.png","categories":["WordPress plugins"]},{"name":"WordPress:6.8.3","description":"WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.","website":"https://wordpress.org","common_platform_enumeration":"cpe:2.3:a:wordpress:wordpress:*:*:*:*:*:*:*:*","icon":"WordPress.svg","categories":["CMS","Blogs"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Yoast SEO:26.4","description":"Yoast SEO is a search engine optimisation plugin for WordPress and other platforms.","website":"https://yoast.com/wordpress/plugins/seo/","common_platform_enumeration":"","icon":"Yoast SEO.png","categories":["SEO","WordPress plugins"]}],"data":{"size":82421,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (8856), with CRLF, LF line 
terminators","md5":"ca5ce4c674d9049368e39daa786f15a9","sha1":"c3d0e2fa5abec11c2f5a25b0f91f3da425b49e47","sha256":"120515a8aa00d8b43d85f255632dfe419740b6474096303fd3d7b7400ecf7d83","sha512":"0a6bcc796bb026da363590365ab8619d834537a3343413a87b6684b367d375d5affc59e5ceecced0a924a8f9f46c29460eb1632f128fa76aaa4e844389e268fb","ssdeep":"1536:dIqM4Xapsnb+8aiBl7Ba+S61YD4SwCzZeLhMS/vag4SBLYPAppQtLt2otrm:nJKun4iBdvBLYPsQtLt25","tlshash":"19831af1a28905bf73278ad68450770865a7d525cf038cd7f2fe72a8c6c6df2656308a","first_seen":"2025-11-23T07:21:30.191216Z","last_seen":"2025-11-23T07:21:30.191216Z","times_seen":1,"resource_available":false,"data":null}},"time_used":216,"timings":{"blocked":38,"dns":19,"connect":1,"send":0,"wait":139,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/uploads/2025/09/603.jpg","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.527Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 
GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/uploads/2025/09/603.jpg HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nCookie: _ga_3E31P8KF13=GS2.1.s1763882448$o1$g0$t1763882448$j60$l0$h0; _ga=GA1.1.1454402186.1763882448; dom3ic8zudi28v8lr6fgphwffqoz0j6c=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/uploads/2025/09/860.jpg","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.659Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/uploads/2025/09/860.jpg HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nCookie: _ga_3E31P8KF13=GS2.1.s1763882448$o1$g0$t1763882448$j60$l0$h0; _ga=GA1.1.1454402186.1763882448; dom3ic8zudi28v8lr6fgphwffqoz0j6c=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:48 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 
41546\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 30 Nov 2025 07:20:48 GMT\r\netag: \"a24a-6908fce6-17ad5a;;;\"\r\nlast-modified: Mon, 03 Nov 2025 19:05:10 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DZCpL8pnqejDS6Lh2n21pnt1U%2FJ7Z6BU0C7aFXjZT7kh8nkqe2RmWkiBGXSSrOsNcIi6HQ%2FeNzTaG04dSjgbq6Nm4Odev845dT4cSw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee7f7da1756a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for 
WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":41546,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 640x360, components 3","md5":"29945c3dcbf91951b95ab056df2f7e3e","sha1":"7087f1e0e4acd0f0f3b01de33b4945c4d807bb5e","sha256":"e4a846e6c1f57918f4f9fc5698dedcf0ad0ef22315bf49dac10d7fbf37ee3050","sha512":"f17d5b258271ca1cecf8eec5e357bf5f463e3513ceb8886e70317860d0c6e6b72bb77e59238784cb894dc3c39c12e971b2c1f63041cfc1d303d3d723e2cd08f4","ssdeep":"768:iiUGP97ZEi2mJrMxVZ0hXnGQ5C9twAlAOo2EosQFzIfqpgLybViTWGZjVH7FAeCX:iiUG1lT26gxVmXGQ5x56ExQFzUnLzZjG","tlshash":"1713f240a5a45783c62bf23323c0109af2fbf444c9c85d8ec5e3fc6a5a2986d57f7549","first_seen":"2025-11-23T07:21:30.19315Z","last_seen":"2025-11-23T07:21:30.19315Z","times_seen":1,"resource_available":false,"data":null}},"time_used":142,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":54,"receive":88,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ntv.json?key=32dafcbf6d6696c536a5accc26dd0ea3\u0026vstc=4\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\u0026custom=%7B%22d37e3bc4%22%3A%22a%22%7D\u0026rb=","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.688Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ntv.json?key=32dafcbf6d6696c536a5accc26dd0ea3\u0026vstc=4\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\u0026custom=%7B%22d37e3bc4%22%3A%22a%22%7D\u0026rb= HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://kedaibokep.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: application/json\r\nContent-Length: 11368\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: 
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://kedaibokep.com\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; expires=Sun, 30 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\npdhtkv49=true; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\nuncs49=1; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\nu_pl27881591=1; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 34\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 422133812343e2b623d11f8ac2495841\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for 
cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":16234,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"64eb396386b0285ac24c95ebf944cd41","sha1":"c12c80d10143e271ebfc381ac164d88650293980","sha256":"7d2041845f8fefec2f896a526633f9cbbe994dc7cce595a85f898e0c9596d6a9","sha512":"b3a780686ebf7c0f6a16670dd6da67608a78f92cfbf20e1eefe82f3c2f5d9c7c861afad651a32986484f92969ed10d0b08d5e326f240a4ee2e2ebbde66fd677f","ssdeep":"384:S52vUy5bW65ZfEGxinpnhpQ9k+IkJRJA6AT4IChw/Okqw5W64i8s2rHKz:o2vPc6DfepnQ9nIkJfA/T4IChMOkD4ib","tlshash":"3672bfb755b4a8cf0f4ca9b66dce29229c83970fa4cc7fc41a6e56ed0b090672f21601","first_seen":"2025-11-23T07:21:30.194914Z","last_seen":"2025-11-23T07:21:30.194914Z","times_seen":1,"resource_available":false,"data":null}},"time_used":719,"timings":{"blocked":287,"dns":15,"connect":94,"send":0,"wait":130,"receive":1,"ssl":189},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RSvY8cxRfsud_pF9gBH0aQjhABRtx6vnZuBwfAYQwWxrbORg4QQU93z7nZ2emhez7WGxksWRYBWiQCIGG29uzDxrIgIEKgYw8CZAnJG3GBL0H8AQiJGM15pYMX1HtvaoKq6ndtUu4RHyXdPfemGsk0pce6Hcd-9qLMuKqNfeaC7Tod57h9UWZhcNwetqCrF1w_6DhH7dcE66tjnuM6juu49kmpRaKGx_ZZyPxO5HYipxN4HbcbYKj_u5vSgqEWeLVHHofk80d-T96GZDNkg69PCNMvVP78q4MypYXSqPjWW1k_U3WGwcGYaAtJtrX4G8rMCfl0CSrbWjiAqjZbB4jlnCw9-QBxtrWQibi68VBpnEJkiPlh1NUMIp1B0hmYugrJ7xOAcZw5i2xw84zSNb38kKUtOyfLf_8FWc_J8oMnkA3urqVyaJ9XaVlIlRkMkwZyOIPcmCEvd1CMLMh6B6z4AJL_SpynDiMb3H5dVbJvV0L3IfnuM57vcLfrJCtREDkrAfXpSixob6XnJsJzIz_yet5-UDKZgZollMZCKS2UiYUytzDgu3bg9ALmUj9MIs5WnYAGARexE_U8x6ERW0XJWgdjFPkYLB2D6SvI9ftfcn9V-DELJhR9-fGckGs-dLkNc6mB4RZMQVDxBrUgqA1BTQlqSVAXBHXV3OCp8Uxzk6emjN1F9xbdb6aq2JjQG6rYEBkB1WNo3mzK_D1zFaz433SUGD5VLdC4aKY05s0k3yOPtWFbt_IafbFr-x6nCYuTkIdhFLKuH9IuZYx5IeeOoD6MbCDNEqixMJJzsr76EnI5J0c_2kZMd2DSHTD5KGjpgtYN6KUGo-xuX3AqY9UXeYepAbhqkBfLKC5bk3SPHJmuX1jb3n_1d377GYLdI4sC0w1y3eBd-RPBRnp9uq5qsrmuakO-OZsXciBHtL2I8wUtxP9vvyEu10rzUyfM-NbLrCXa8c4FYYrTNOMy2zDkqzXJudAnlWaCfH_KXBTxudJcWit1Vuanz71y8tQg18IYqbIZqJyTQ39-CCbn5MgPX-xfe_e5P8DyKzD5gU6jCOLcQioJUnHwncYNzL_2-GCemOvY0MugxVVkgwaVblClDWg6hikPTYtc33vxl8_a-hxxujyNU728Gac6_WQ_pxZ2Wvixhe9g5K7d9WI_7PVCkYQ88bnv-TzqOiIKaBQGUdBFYeby6W_v_xMAAP__pYsoXp8EAAA=","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.214Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSvY8cxRfsud_pF9gBH0aQjhABRtx6vnZuBwfAYQwWxrbORg4QQU93z7nZ2emhez7WGxksWRYBWiQCIGG29uzDxrIgIEKgYw8CZAnJG3GBL0H8AQiJGM15pYMX1HtvaoKq6ndtUu4RHyXdPfemGsk0pce6Hcd-9qLMuKqNfeaC7Tod57h9UWZhcNwetqCrF1w_6DhH7dcE66tjnuM6juu49kmpRaKGx_ZZyPxO5HYipxN4HbcbYKj_u5vSgqEWeLVHHofk80d-T96GZDNkg69PCNMvVP78q4MypYXSqPjWW1k_U3WGwcGYaAtJtrX4G8rMCfl0CSrbWjiAqjZbB4jlnCw9-QBxtrWQibi68VBpnEJkiPlh1NUMIp1B0hmYugrJ7xOAcZw5i2xw84zSNb38kKUtOyfLf_8FWc_J8oMnkA3urqVyaJ9XaVlIlRkMkwZyOIPcmCEvd1CMLMh6B6z4AJL_SpynDiMb3H5dVbJvV0L3IfnuM57vcLfrJCtREDkrAfXpSixob6XnJsJzIz_yet5-UDKZgZollMZCKS2UiYUytzDgu3bg9ALmUj9MIs5WnYAGARexE_U8x6ERW0XJWgdjFPkYLB2D6SvI9ftfcn9V-DELJhR9-fGckGs-dLkNc6mB4RZMQVDxBrUgqA1BTQlqSVAXBHXV3OCp8Uxzk6emjN1F9xbdb6aq2JjQG6rYEBkB1WNo3mzK_D1zFaz433SUGD5VLdC4aKY05s0k3yOPtWFbt_IafbFr-x6nCYuTkIdhFLKuH9IuZYx5IeeOoD6MbCDNEqixMJJzsr76EnI5J0c_2kZMd2DSHTD5KGjpgtYN6KUGo-xuX3AqY9UXeYepAbhqkBfLKC5bk3SPHJmuX1jb3n_1d377GYLdI4sC0w1y3eBd-RPBRnp9uq5qsrmuakO-OZsXciBHtL2I8wUtxP9vvyEu10rzUyfM-NbLrCXa8c4FYYrTNOMy2zDkqzXJudAnlWaCfH_KXBTxudJcWit1Vuanz71y8tQg18IYqbIZqJyTQ39-CCbn5MgPX-xfe_e5P8DyKzD5gU6jCOLcQioJUnHwncYNzL_2-GCemOvY0MugxVVkgwaVblClDWg6hikPTYtc33vxl8_a-hxxujyNU72
8Gac6_WQ_pxZ2Wvixhe9g5K7d9WI_7PVCkYQ88bnv-TzqOiIKaBQGUdBFYeby6W_v_xMAAP__pYsoXp8EAAA= HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 51d37875090c20398d101d21a40298fc\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":179,"timings":{"blocked":80,"dns":0,"connect":0,"send":0,"wait":99,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fcss%2Fmagic.css\u0026l=45054\u0026fd=552","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:50.234Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fcss%2Fmagic.css\u0026l=45054\u0026fd=552 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: 
en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.lgpn5CWqMIQOnAcJWQj2BoFLhkbKonZlINzdYlOyigo; uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=2; pdhtkv27=true; uncs27=1; u_pl27881585=1; pdhtkv23=true; uncs23=1; u_pl27881589=1; pdhtkv29=true; uncs29=1; u_pl27881590=1; slec89d6f1c80b1e0bbfc99e7ec523be338e=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:50 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse 
proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":94,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":94,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 
Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/97/fc/e4/97fce4537c0f81f954d679ccebe0c47c.js","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.284Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 01:12:52 GMT","end":"Wed, 28 Jan 2026 01:12:51 GMT"},"fingerprint":{"sha1":"67:43:25:0A:D1:7D:95:9F:2D:A3:3F:97:74:7C:0A:AE:D2:D3:98:61","sha256":"09:09:97:4E:79:6D:B5:F4:D7:B7:F6:8F:BE:97:4E:B6:04:9C:25:29:FE:4A:0E:A2:BE:82:F0:6E:CF:8C:74:F0"}}},"request":{"raw":"GET /97/fc/e4/97fce4537c0f81f954d679ccebe0c47c.js HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:48 GMT\r\nContent-Type: 
application/javascript\r\nContent-Length: 3422\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 67710d7aa7d8f3a92dc608333300aab9\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":6461,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6461), with no line 
terminators","md5":"26ce7791f08fb671816e8ac15c21abcc","sha1":"cd121446322214f9ee849fadd1686452f9acf3a9","sha256":"e039e804b7483aec11801d7a306db1603f9c6d5f562340f9a5dbeda753c0224d","sha512":"01af678dd36e5bcfaf95c43fee3d7ac605299c1aca9187b5b330dffac03c16910e373e8ccb57e00c66810daff06b475d561370c05abe8a3beb00f5f9f950c409","ssdeep":"96:PKheeIZELV3rtYwDxXvH9VLgjY6oB/rCKTQ3l35AcOrzYdOtkiz9u5Z4tTpfn7:Pbj6VbjxXvw8zTCKTvlSQpfn7","tlshash":"b9d185883e81f0d513a3b5779a3f6549b3ad6814549fd804e107a0d03e2ce2ae97b6a5","first_seen":"2025-10-22T08:34:06.793976Z","last_seen":"2025-12-01T10:40:04.095127Z","times_seen":3160,"resource_available":true,"data":null}},"time_used":688,"timings":{"blocked":295,"dns":15,"connect":91,"send":0,"wait":97,"receive":0,"ssl":187},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RSvY8cxRfsud_qF9gBH0aQjhABRtx6vnZuBwfAYQwWxrbORg4QQU93z7nZ2emhez7OGxksWRYBWiQCIGG29uzDxrIgIEIgswcBsoTkjTghX8JfgJCI0dytdPCCeu9NTVBV_a5Nyl3io6Q7595UI5mm9Fiv69jPXpQZV7Wxz1ywXafrHLcvyiwMjtsbLejqBdcPus5R-zXBBuqY57iO4zqufVJqkaiNY3ssZH4ncruR0w28rtsLsKH_u5vSgqEWeLVLHofk80f-SN6GZDNkw69PCDMoVP78q8MypYXSqPjWW9kgU3WG4cGYaAtJtrX4G8rMCfl0CSrbWjiAqjZbB4jlnCw9-RBxtrWQibi6sa80TiEyxPww6moGkc4g6QxMXYXkDwjAOM6cRTa8eUbpml7eZ2nLzknn778g6znpPHwC2fDuaio37PMqLQupMoONpIHcmEGuz5CX2yhGFmS9DVZ8AMl_Jc5Th5ENb7-uKjmwK6EHkHznGc93uNtzkuUoiJzlgPp0ORa0v9x3E-G5kR95fW8vKJnMQM0SSmOhlBbKxEKZWxjyHTtw-gFzqR8mEWcrTkCDgIvYifqe49CIraBkrYMxinwMlo7B9BXk-v0vub8i_JgFE4qB_HhOyDUfurwHc6mB4RZMQVDxBrUgqA1BTQlqSVAXBHXV3OCp8Uxzk6emjN1F9xbdb6aqWJ_QG6pYFxkB1WNo3mzK_D1zFaz433SUGD5VLdC4aKY05s0k3yWPtWFbt_IaA7Fj-x6nCYuTkIdhFLKeH9IeZYx5IeeOoD6MbCDNEqixMJJzsrbyEnI5J0c_uoeYbsOk22DyUdDSBa0b0EsNRtndgeBUxmog8i5TQ3DVIC86KC5bk3SXHJmuXVi9t_fq7_z2HQS7TxYFphvkusG78ieC9fT6dE3VZHNN1YZ8czYv5FCOaHsR5wtaiP_ffkNcrpXmp06Y8a2XWUu0450LwhSnacZltm7IV6uSc6FPKs0E-f6UuSjic6W5tFrqrMxPn3vl5KlhroUxUmUzUDknh_78EEzOyZEfvti79t5zv4PlV2DyA51GEcR5B6kkSMXBdxo3MP_a44N5Yq5jXXdAi6vIhg0q3aBKG9B0DFMemha5vv_iL5-19TnitDONU93ZjFOdftLm9HML2y38uB-bkTt2z4v9sN8PRRLyxOe-5_Oo54gooFEYREEPhZnLp7998E8AAAD__72Y0J2fBAAA","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.230Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSvY8cxRfsud_qF9gBH0aQjhABRtx6vnZuBwfAYQwWxrbORg4QQU93z7nZ2emhez7OGxksWRYBWiQCIGG29uzDxrIgIEIgswcBsoTkjTghX8JfgJCI0dytdPCCeu9NTVBV_a5Nyl3io6Q7595UI5mm9Fiv69jPXpQZV7Wxz1ywXafrHLcvyiwMjtsbLejqBdcPus5R-zXBBuqY57iO4zqufVJqkaiNY3ssZH4ncruR0w28rtsLsKH_u5vSgqEWeLVLHofk80f-SN6GZDNkw69PCDMoVP78q8MypYXSqPjWW9kgU3WG4cGYaAtJtrX4G8rMCfl0CSrbWjiAqjZbB4jlnCw9-RBxtrWQibi6sa80TiEyxPww6moGkc4g6QxMXYXkDwjAOM6cRTa8eUbpml7eZ2nLzknn778g6znpPHwC2fDuaio37PMqLQupMoONpIHcmEGuz5CX2yhGFmS9DVZ8AMl_Jc5Th5ENb7-uKjmwK6EHkHznGc93uNtzkuUoiJzlgPp0ORa0v9x3E-G5kR95fW8vKJnMQM0SSmOhlBbKxEKZWxjyHTtw-gFzqR8mEWcrTkCDgIvYifqe49CIraBkrYMxinwMlo7B9BXk-v0vub8i_JgFE4qB_HhOyDUfurwHc6mB4RZMQVDxBrUgqA1BTQlqSVAXBHXV3OCp8Uxzk6emjN1F9xbdb6aqWJ_QG6pYFxkB1WNo3mzK_D1zFaz433SUGD5VLdC4aKY05s0k3yWPtWFbt_IaA7Fj-x6nCYuTkIdhFLKeH9IeZYx5IeeOoD6MbCDNEqixMJJzsrbyEnI5J0c_uoeYbsOk22DyUdDSBa0b0EsNRtndgeBUxmog8i5TQ3DVIC86KC5bk3SXHJmuXVi9t_fq7_z2HQS7TxYFphvkusG78ieC9fT6dE3VZHNN1YZ8czYv5FCOaHsR5wtaiP_ffkNcrpXmp06Y8a2XWUu0450LwhSnacZltm7IV6uSc6FPKs0E-f6UuSjic6W5tFrqrMxPn3vl5KlhroUxUmUzUDknh_78EEzOyZEfvti79t5zv4PlV2DyA51GEcR5B6kkSMXBdxo3MP_a44N5Yq5jXXdAi6vIhg0q3aBKG9B0DFMemha5vv_iL5-19TnitDONU93
ZjFOdftLm9HML2y38uB-bkTt2z4v9sN8PRRLyxOe-5_Oo54gooFEYREEPhZnLp7998E8AAAD__72Y0J2fBAAA HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: b175cb27ebac5974a9deb2436a73511e\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":226,"timings":{"blocked":125,"dns":0,"connect":0,"send":0,"wait":101,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RSz48URRitXjYe4OAPjF47xoMYd-hf0zstB3VFlIhAFgwH46G6qnopp6erreofw5xQEkI8mDHxoF7sebOwgoTowZPR4KweDIkJc3IPbGL8C4yJZ9PLJKvf4X3f168P7736rk7KXeKjpDtn31Ijmab0aLfj2M9dkBlXtbFPn7ddp-Mcsy_ILAyO2cMWdPWi6wcd54j9umB9ddRzXMdxHdc-IbVI1PDoHguZ347cTuR0Aq_jdgMM9f93U1ow1AKvdskTkHz-6J_JO5BshmzwzXFh-oXKX3htUKa0UBoV33o762eqzjDYHxNtIcm2Fn9DmTkhny1BZVsLB1DVZusAsZyTpaceIM62FjIRV9cfKo1TiAwxP4S6mkGkM0g6A1NXIPl9AjCO02eQDW6cVrqmlx6ytGXnZPmfvyHrOVl-8CSywZ21VA7tcyotC6kyg2HSQA5nkBsz5OU2ipEFWW-DFR9C8t-I8_QhZINbb6hK9u1K6D4k33nW8x3udp1kJQoiZyWgPl2JBe2t9NxEeG7kR17P2wtKJjNQs4TSWCilhTKxUOYWBnzHDpxewFzqh0nE2aoT0CDgInainuc4NGKrKFnrYIwiH4OlYzB9Gbn-4Cvurwo_ZsGEoi8_mRNy1Ycu78JcbGC4BVMQVLxBLQhqQ1BTgloS1AVBXTXXeWo809zgqSljd9G9RfebqSo2JvS6KjZERkD1GJo3mzJ_31wBKw5MR4nhU9UCjYtmSmPeTPJd8ngbtnUzr9EXO7bvcZqwOAl5GEYh6_oh7VLGmBdy7gjqw8gG0iyBGgsjOSfrqy8jl3Ny5OO7iOk2TLoNJh8DLV3QugG92GCU3ekLTmWs-iLvMDUAVw3yYhnFJWuS7pLD0_Xza3f3Xv3d33-CYPfIosB0g1w3eE_-TLCRXpuuq5psrqvakG_P5IUcyBFtL-JcQQvxyK03xaVaaX7yuBnffIW1RDvePi9McYpmXGYbhny9JjkX-oTSTJAfTpoLIj5bmotrpc7K_NTZV0-cHORaGCNVNgOVc3Lwr4_A5Jwc_vHLvWvvPv8HWH4ZJt_XaRRBnB9AKglSsf-dxg3Mf_Z4f56Ya9jQy6DFFWSDBpVuUKUNaDqGKQ9Oi1zfe-nXz9v6AnG6PI1TvbwZpzr9tM3plxa29xJr4XsYuWN3vdgPe71QJCFPfO57Po-6jogCGoVBFHRRmLl85rv7_wYAAP__Zlpoip8EAAA=","fqdn":"foldingcutleryhelium.com
","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.228Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSz48URRitXjYe4OAPjF47xoMYd-hf0zstB3VFlIhAFgwH46G6qnopp6erreofw5xQEkI8mDHxoF7sebOwgoTowZPR4KweDIkJc3IPbGL8C4yJZ9PLJKvf4X3f168P7736rk7KXeKjpDtn31Ijmab0aLfj2M9dkBlXtbFPn7ddp-Mcsy_ILAyO2cMWdPWi6wcd54j9umB9ddRzXMdxHdc-IbVI1PDoHguZ347cTuR0Aq_jdgMM9f93U1ow1AKvdskTkHz-6J_JO5BshmzwzXFh-oXKX3htUKa0UBoV33o762eqzjDYHxNtIcm2Fn9DmTkhny1BZVsLB1DVZusAsZyTpaceIM62FjIRV9cfKo1TiAwxP4S6mkGkM0g6A1NXIPl9AjCO02eQDW6cVrqmlx6ytGXnZPmfvyHrOVl-8CSywZ21VA7tcyotC6kyg2HSQA5nkBsz5OU2ipEFWW-DFR9C8t-I8_QhZINbb6hK9u1K6D4k33nW8x3udp1kJQoiZyWgPl2JBe2t9NxEeG7kR17P2wtKJjNQs4TSWCilhTKxUOYWBnzHDpxewFzqh0nE2aoT0CDgInainuc4NGKrKFnrYIwiH4OlYzB9Gbn-4Cvurwo_ZsGEoi8_mRNy1Ycu78JcbGC4BVMQVLxBLQhqQ1BTgloS1AVBXTXXeWo809zgqSljd9G9RfebqSo2JvS6KjZERkD1GJo3mzJ_31wBKw5MR4nhU9UCjYtmSmPeTPJd8ngbtnUzr9EXO7bvcZqwOAl5GEYh6_oh7VLGmBdy7gjqw8gG0iyBGgsjOSfrqy8jl3Ny5OO7iOk2TLoNJh8DLV3QugG92GCU3ekLTmWs-iLvMDUAVw3yYhnFJWuS7pLD0_Xza3f3Xv3d33-CYPfIosB0g1w3eE_-TLCRXpuuq5psrqvakG_P5IUcyBFtL-JcQQvxyK03xaVaaX7yuBnffIW1RDvePi9McYpmXGYbhny9JjkX-oTSTJAfTpoLIj
5bmotrpc7K_NTZV0-cHORaGCNVNgOVc3Lwr4_A5Jwc_vHLvWvvPv8HWH4ZJt_XaRRBnB9AKglSsf-dxg3Mf_Z4f56Ya9jQy6DFFWSDBpVuUKUNaDqGKQ9Oi1zfe-nXz9v6AnG6PI1TvbwZpzr9tM3plxa29xJr4XsYuWN3vdgPe71QJCFPfO57Po-6jogCGoVBFHRRmLl85rv7_wYAAP__Zlpoip8EAAA= HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 39e5afc7772c56e4732bbd3d8d59a568\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native 
applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":218,"timings":{"blocked":122,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/98/cf/e7/98cfe7688276f1513feb6852014bbd27/1756662145.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.338Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/98/cf/e7/98cfe7688276f1513feb6852014bbd27/1756662145.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: 
image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 75865\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 31 Aug 2025 17:42:25 GMT\r\netag: \"68b48981-12859\"\r\nexpires: Tue, 25 Nov 2025 07:20:49 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":75865,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:30 15:50:24], progressive, precision 8, 320x240, components 
3","md5":"690ac1a706457911a7cce051678a1aa1","sha1":"4883b6be15aedcb4f227ff96f470f06fce68ec23","sha256":"26425b8fffaa9a2084accf391313c0e8739affab7321037b0a159a434691cc10","sha512":"a085e66651c6c4caa18b0812d692137e6275d3e75eb6067931e984230a82a25a34fac0187a291c193f8f1e0e7a300c5610377500bcdc64c003ea791725641920","ssdeep":"1536:T9BsHbdwiQ9BsHbdwi2CKarAz12ABWNAYUuy1NOqKhE0fX19xQST:JydaydbKX8A0AYUu2wqgE0P1s8","tlshash":"0573020a9702ac21fed191770ae2e7b3b562e77d9753744afd9c2c153b60199884a3c2","first_seen":"2025-09-02T18:13:44.363283Z","last_seen":"2026-05-27T14:00:03.865218Z","times_seen":1400,"resource_available":false,"data":null}},"time_used":510,"timings":{"blocked":336,"dns":0,"connect":0,"send":0,"wait":89,"receive":85,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RSz48URRitXjce4OAPjF47xoMYd-hf0zstB3VFlIhAFgwH46G6qnopp6erreofw5xQEkI8mDHxoF7sebOwgoTowZNKyKweDIkJc3IT2Yt_gTHxbHqZZPU7vO_7-vXhvVfflUm5S3yUdOfM22ok05Qe6XYc-_nzMuOqNvapc7brdJyj9nmZhcFRe9iCrl5y_aDjHLbfEKyvjniO6ziu49rHpRaJGh7ZYyHzW5HbiZxO4HXcboCh_v9uSguGWuDVLnkSks8f-zN5F5LNkA2-PSZMv1D5i68PypQWSqPiW-9k_UzVGQb7Y6ItJNnW4m8oMyfk8yWobGvhAKrabB0glnOy9PQDxNnWQibi6tpDpXEKkSHmB1FXM4h0BklnYOoyJL9PAMZx6jSywfVTStf04kOWtuycLP_zN2Q9J8sPnkI2uL2WyqF9VqVlIVVmMEwayOEMcmOGvNxGMbIg622w4iNI_htxnjmIbHDzTVXJvl0J3YfkO895vsPdrpOsREHkrATUpyuxoL2VnpsIz438yOt5e0HJZAZqllAaC6W0UCYWytzCgO_YgdMLmEv9MIk4W3UCGgRcxE7U8xyHRmwVJWsdjFHkY7B0DKYvIdcffs39VeHHLJhQ9OWnc0Ku-NDlXZgLDQy3YAqCijeoBUFtCGpKUEuCuiCoq-YaT41nmus8NWXsLrq36H4zVcXGhF5TxYbICKgeQ_NmU-YfmMtgxSPTUWL4VLVA46KZ0pg3k3yXPNGGbd3Ia_TFju17nCYsTkIehlHIun5Iu5Qx5oWcO4L6MLKBNEugxsJIzsn66ivI5Zwc_uQuYroNk26DycdBSxe0bkAvNBhlt_uCUxmrvsg7TA3AVYO8WEZx0Zqku-TQdP3c2t29V3_v9x8h2D2yKDDdINcN3pc_E2ykV6frqiab66o25LvTeSEHckTbizhb0EI8evMtcbFWmp84ZsY3XmUt0Y63zglTnKQZl9mGId-sSc6FPq40E-SnE-a8iM-U5sJaqbMyP3nmteMnBrkWxkiVzUDlnBz462MwOSeH7ny1d-3dF_4Ayy_B5Ps6jSKI8yWkkiAV-99p3MD8Z4_354m5ig29DFpcRjZoUOkGVdqApmOY8sC0yPW9l3_9
oq0vEafL0zjVy5txqtPP2pzu7IXVwi8t_AAjd-yuF_thrxeKJOSJz33P51HXEVFAozCIgi4KM5fPfn__3wAAAP__QWRBPp8EAAA=","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.364Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET 
/ren.gif?sid=H4sIAAAAAAAC_1RSz48URRitXjce4OAPjF47xoMYd-hf0zstB3VFlIhAFgwH46G6qnopp6erreofw5xQEkI8mDHxoF7sebOwgoTowZNKyKweDIkJc3IT2Yt_gTHxbHqZZPU7vO_7-vXhvVfflUm5S3yUdOfM22ok05Qe6XYc-_nzMuOqNvapc7brdJyj9nmZhcFRe9iCrl5y_aDjHLbfEKyvjniO6ziu49rHpRaJGh7ZYyHzW5HbiZxO4HXcboCh_v9uSguGWuDVLnkSks8f-zN5F5LNkA2-PSZMv1D5i68PypQWSqPiW-9k_UzVGQb7Y6ItJNnW4m8oMyfk8yWobGvhAKrabB0glnOy9PQDxNnWQibi6tpDpXEKkSHmB1FXM4h0BklnYOoyJL9PAMZx6jSywfVTStf04kOWtuycLP_zN2Q9J8sPnkI2uL2WyqF9VqVlIVVmMEwayOEMcmOGvNxGMbIg622w4iNI_htxnjmIbHDzTVXJvl0J3YfkO895vsPdrpOsREHkrATUpyuxoL2VnpsIz438yOt5e0HJZAZqllAaC6W0UCYWytzCgO_YgdMLmEv9MIk4W3UCGgRcxE7U8xyHRmwVJWsdjFHkY7B0DKYvIdcffs39VeHHLJhQ9OWnc0Ku-NDlXZgLDQy3YAqCijeoBUFtCGpKUEuCuiCoq-YaT41nmus8NWXsLrq36H4zVcXGhF5TxYbICKgeQ_NmU-YfmMtgxSPTUWL4VLVA46KZ0pg3k3yXPNGGbd3Ia_TFju17nCYsTkIehlHIun5Iu5Qx5oWcO4L6MLKBNEugxsJIzsn66ivI5Zwc_uQuYroNk26DycdBSxe0bkAvNBhlt_uCUxmrvsg7TA3AVYO8WEZx0Zqku-TQdP3c2t29V3_v9x8h2D2yKDDdINcN3pc_E2ykV6frqiab66o25LvTeSEHckTbizhb0EI8evMtcbFWmp84ZsY3XmUt0Y63zglTnKQZl9mGId-sSc6FPq40E-SnE-a8iM-U5sJaqbMyP3nmteMnBrkWxkiVzUDlnBz462MwOSeH7ny1d-3dF_4Ayy_B5Ps6jSKI8yWkkiAV-99p3MD8Z4_354m5ig29DFpcRjZoUOkGVdqApmOY8sC0yPW9l3_9oq0vEafL0zjVy5txqtPP2pzu7IXVwi8t_AAjd-yuF_thrxeKJOSJz33P51HXEVFAozCIgi4KM5fPfn__3wAAAP__QWRBPp8EAAA= HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: 
image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 68d233db0ce022f87b54099181813c8f\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":267,"timings":{"blocked":168,"dns":0,"connect":0,"send":0,"wait":99,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/img/close.svg","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.797Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/img/close.svg HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:49 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nlast-modified: Thu, 12 Dec 2024 14:36:22 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: 
public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=92CuVUu7gx6%2FPK5GPoEFfqf2tM2xufXegi%2FnhNgmQ85oq5vmH208KOUrsj9hW6k8ZGRgIX4DyCblZUR%2FGjNwNEg19VQxZVlLRojWsS%2BX\"}]}\r\nage: 2611479\r\ncf-cache-status: HIT\r\netag: W/\"675af4e6-4ff\"\r\ncontent-encoding: br\r\ncf-ray: 9a2ee7ff39355691-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1279,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics 
image","md5":"369850b9873659adf0951d845f57dba1","sha1":"a64257186daa33b6b318943a457b6cf8d80b26b6","sha256":"9630c142a8c074cc1809ebf4109538cf29cc0baeb6c27726191f1cf5376e2e21","sha512":"6441b40e85c86e21362c7061a6b9610f52a5c801b274b246711546ad45c68c3e7f2f242f1621b90967eaeebf52709545d06283c2015d6b9ad7f6f7d37fb14a88","ssdeep":"","tlshash":"6821d8dc958f223ef324ff6189b316606ba423f6bb18c5bcb199a8157e1cb910c48e14","first_seen":"2023-04-07T22:39:47Z","last_seen":"2026-06-09T21:43:48.908222Z","times_seen":9490,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":10,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/img/recaptcha.gif","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.801Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/img/recaptcha.gif HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:49 GMT\r\ncontent-type: image/gif\r\ncontent-length: 65140\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:56:01 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68b97041-fe74\"\r\nexpires: Thu, 31 Dec 2037 
23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 2774618\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hcOjvrzaQA4Klm%2B6li1tSKD98%2FWLmHbCKJjObp4X%2FziUEsANs%2FoYY4GwMvF3TmC9AWb6KtyM0FChEG%2BdTziEj6T8h6xNODgXRhMdDZML\"}]}\r\ncf-ray: 9a2ee7ff39395691-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":65140,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 616 x 164","md5":"a83efb86bdb5d741f6103b69d6979035","sha1":"c944477b467f4aee49b4c86f3622a3519679667c","sha256":"e62a51a868623e3d04ac6c1bf28c3d34dd1e7008b9d62753963b2e2272971774","sha512":"9638afd8bfa476d24261a76a49c0e6df11c39db07cc357025f40660a3140499f234956a6971fce1ef0b61f74edba0f39e54a9a75e81adcbe423415f93dd23709","ssdeep":"1536:pcrveQZWvRPMwQUWJicq8ILNUcB4nReNsnrIfOPBVeD:Orve+WUJohC0fO5QD","tlshash":"4853ce1fc2181eeafc3bcbb6520b8d160a415b751c54c613e6b9f1c5382c5de2b15bae","first_seen":"2024-10-23T13:11:53.403324Z","last_seen":"2026-06-02T13:53:14.531257Z","times_seen":1737,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"3.125.70.62","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.227Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"traffinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"11:9F:BE:35:27:7B:7B:85:C9:B3:FF:0E:CA:F6:0D:13:B0:A9:A0:BB","sha256":"81:A4:38:32:0D:BC:66:C8:7B:6D:08:BC:93:91:76:73:A2:BD:D0:53:3C:BF:2F:FD:B8:87:00:C6:EC:3B:6C:77"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 
Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://kedaibokep.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:48 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://kedaibokep.com\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=ebdc7005-819f-4162-86c5-1bcf9c5d0a4d:2:1; expires=Wed, 21 Nov 2035 07:20:48 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line 
terminators","md5":"3334282e220f6d66ad3c329a48452ba6","sha1":"dca731c72f2437e93cd820fb64e1eaa589a0efd1","sha256":"2a80ad4ad142468262b95a8e066f924301b2bd72246b74180f72e7c29396c92e","sha512":"3915d7af306204c7cffbe3622b6721d63f02b120152b2909ecca2b2533a60e5ae6169c3b3b1688031f90966b1c7f0d8ee6a60d8a28126a8e2e93d7710f38ee6b","ssdeep":"","tlshash":"1d9002005651160384801d40088486660415970f615526499db195e0421555f2874081","first_seen":"2025-11-23T07:21:30.199232Z","last_seen":"2025-11-23T07:21:30.199232Z","times_seen":1,"resource_available":false,"data":null}},"time_used":234,"timings":{"blocked":106,"dns":35,"connect":21,"send":0,"wait":22,"receive":0,"ssl":47},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ntv.json?key=32dafcbf6d6696c536a5accc26dd0ea3\u0026vstc=4\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\u0026custom=%7B%22d37e3bc4%22%3A%22a%22%7D\u0026rb=","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.851Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET 
/ntv.json?key=32dafcbf6d6696c536a5accc26dd0ea3\u0026vstc=4\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\u0026custom=%7B%22d37e3bc4%22%3A%22a%22%7D\u0026rb= HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://kedaibokep.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: application/json\r\nContent-Length: 10658\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://kedaibokep.com\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; expires=Sun, 30 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\npdhtkv49=true; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\nuncs49=1; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\nu_pl27881591=1; expires=Mon, 24 Nov 2025 07:20:49 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 19\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 
01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 5b240da3f9a41f1323bd3cec1cf4f319\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16278,"size_decoded":0,"mime_type":"application/json","magic":"JSON text 
data","md5":"d5ee5f273b7276528602627582ef3ffa","sha1":"cf274d5ba10af2082c08a0fd94c827e972901d55","sha256":"d809ecbe3799fb27dbaa23d92af93f8b122bd6e2569357f192ff58b6a9effc31","sha512":"ac8e38a0356d7758b9973b46578176ba12d5744296065a8ab55ca868f4065ddcdc766ec18877e3e590bb6edc246c4717551aacc054fea247a4b52d4947ad2fc7","ssdeep":"384:xeei2lT0mqiafwTWLnwgABzqp4h36jV0Govnki2OpyF5j:xjiOqDf+AwgABzT36jQsiZc","tlshash":"4772c07303869d6f27285ba8fcc1098f4c81b59ccea5ff41d72ca36e2934514237a85c","first_seen":"2025-11-23T07:21:30.200753Z","last_seen":"2025-11-23T07:21:30.200753Z","times_seen":1,"resource_available":false,"data":null}},"time_used":867,"timings":{"blocked":386,"dns":84,"connect":92,"send":0,"wait":112,"receive":1,"ssl":188},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/watch.20213942120.js?dev=e\u0026key=547d8fd3bf5eca459123df29d60ae120\u0026kw=%5B%22official1auraa%22%2C%22archives%22%2C%22-%22%2C%22kedai%22%2C%22bokep%22%5D\u0026pst=1763882508\u0026rb=\u0026refer=https%3A%2F%2Fkedaibokep.com%2Ftag%2Fofficial1auraa%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=629c9d810fc689fc3640a18c7724e2dafada30dbd6aff71fd03dd8623af9911cdd32c414d8f649934dda2d52f38f8a90a13f0311f8f514b038b8e40c9c4bc10576bd38e1f6d72b51028edcaa10571b91942172c757d99c892e8382\u0026tz=0\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.921Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET 
/watch.20213942120.js?dev=e\u0026key=547d8fd3bf5eca459123df29d60ae120\u0026kw=%5B%22official1auraa%22%2C%22archives%22%2C%22-%22%2C%22kedai%22%2C%22bokep%22%5D\u0026pst=1763882508\u0026rb=\u0026refer=https%3A%2F%2Fkedaibokep.com%2Ftag%2Fofficial1auraa%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=629c9d810fc689fc3640a18c7724e2dafada30dbd6aff71fd03dd8623af9911cdd32c414d8f649934dda2d52f38f8a90a13f0311f8f514b038b8e40c9c4bc10576bd38e1f6d72b51028edcaa10571b91942172c757d99c892e8382\u0026tz=0\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://kedaibokep.com\r\nReferer: https://kedaibokep.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.lgpn5CWqMIQOnAcJWQj2BoFLhkbKonZlINzdYlOyigo\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:48 GMT\r\nContent-Type: text/html\r\nContent-Length: 3596\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://kedaibokep.com\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; expires=Sun, 30 Nov 2025 07:20:48 GMT; path=/; 
secure; SameSite=None\npdhtkv=true; expires=Mon, 24 Nov 2025 07:20:48 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Mon, 24 Nov 2025 07:20:48 GMT; path=/; secure; SameSite=None\npdhtkv23=true; expires=Mon, 24 Nov 2025 07:20:48 GMT; path=/; secure; SameSite=None\nuncs23=1; expires=Mon, 24 Nov 2025 07:20:48 GMT; path=/; secure; SameSite=None\nu_pl27881589=1; expires=Mon, 24 Nov 2025 07:20:48 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 28\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 73ae463d1a16ea22fff5a19969a3353e\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5069,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with very long lines 
(4193)","md5":"7c78bda4c2f510ff7ce3458e625d6980","sha1":"42a7617b413823b30363ab7dc61ff46569f2ee82","sha256":"e6fc5e8cd7e06eaefd7b21a5cf610475391712b4d698dac35addaf6f3da67304","sha512":"fa959c3eef942f686f1912a2e97ec0e88ab2bf00a3a33f507fdc11a6095578eaccf02802755f1aabbf57156436564564828d1e7ea0946a46d01599b11facfd6b","ssdeep":"96:69EMW2Ioz0MrD8ViUpxZupN6vfk/j9Vu0eN0KFRlRG6FXyqOH1ZDoCfMEDaH:69Eb2Rz0w8VRYTAfkr9U0B0rDiVoCkCM","tlshash":"73a139a99ee8743c28a2607f143b76096de0c10f1a04db06f85dcd810ba5bd81cbacfd","first_seen":"2025-11-23T07:21:30.202501Z","last_seen":"2025-11-23T07:21:30.202501Z","times_seen":1,"resource_available":false,"data":null}},"time_used":122,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":122,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat 
Feed","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RSvY8cxRfsud_pF9gBH0aQjhABRtx6vnZuBwfAYQwWxrbORg4QQU93z7nZ2emhez7WGxksWRYBWiQCIGG29uzDxrIgIEKgYw8CZAnJG3GBL_FfgJCI0ZxXOnhBvfemJqiqftcm5R7xUdLdc2-rkUxTeqzbceznL8qMq9rYZy7YrtNxjtsXZRYGx-1hC7p6yfWDjnPUfkOwvjrmOa7juI5rn5RaJGp4bJ-FzO9EbidyOoHXcbsBhvq_uyktGGqBV3vkSUg-f-xh8i4kmyEbfHtCmH6h8hdfH5QpLZRGxbfeyfqZqjMMDsZEW0iyrcXfUGZOyOdLUNnWwgFUtdk6QCznZOnpB4izrYVMxNWNR0rjFCJDzA-jrmYQ6QySzsDUVUh-nwCM48xZZIObZ5Su6eVHLG3ZOVn--y_Iek6WHzyFbHB3LZVD-7xKy0KqzGCYNJDDGeTGDHm5g2JkQdY7YMVHkPx34jxzGNng9puqkn27EroPyXef83yHu10nWYmCyFkJqE9XYkF7Kz03EZ4b-ZHX8_aDkskM1CyhNBZKaaFMLJS5hQHftQOnFzCX-mEScbbqBDQIuIidqOc5Do3YKkrWOhijyMdg6RhMX0GuP_ya-6vCj1kwoejLT-eEXPOhy22YSw0Mt2AKgoo3qAVBbQhqSlBLgrogqKvmBk-NZ5qbPDVl7C66t-h-M1XFxoTeUMWGyAioHkPzZlPmH5irYMX_pqPE8KlqgcZFM6Uxbyb5HnmiDdu6ldfoi13b9zhNWJyEPAyjkHX9kHYpY8wLOXcE9WFkA2mWQI2FkZyT9dVXkMs5OfrJNmK6A5PugMnHQUsXtG5ALzUYZXf7glMZq77IO0wNwFWDvFhGcdmapHvkyHT9wtr2_qu_98cOBLtHFgWmG-S6wfvyF4KN9Pp0XdVkc13Vhnx3Ni_kQI5oexHnC1qI_99-S1yuleanTpjxrVdZS7TjnQvCFKdpxmW2Ycg3a5JzoU8qzQT58ZS5KOJzpbm0VuqszE-fe-3kqUGuhTFSZTNQOSeH_vwYTM7JkZ--2r_27gsPwfIrMPmBTqMI4nwJqSRIxcF3Gjcw_9r
jg3lirmNDL4MWV5ENGlS6QZU2oOkYpjw0LXJ97-XfvmjrS8Tp8jRO9fJmnOr0szanX_fDauHnFn6Akbt214v9sNcLRRLyxOe-5_Oo64gooFEYREEXhZnLZ7-__08AAAD__6ex8A2fBAAA","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.219Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET 
/ren.gif?sid=H4sIAAAAAAAC_1RSvY8cxRfsud_pF9gBH0aQjhABRtx6vnZuBwfAYQwWxrbORg4QQU93z7nZ2emhez7WGxksWRYBWiQCIGG29uzDxrIgIEKgYw8CZAnJG3GBL_FfgJCI0ZxXOnhBvfemJqiqftcm5R7xUdLdc2-rkUxTeqzbceznL8qMq9rYZy7YrtNxjtsXZRYGx-1hC7p6yfWDjnPUfkOwvjrmOa7juI5rn5RaJGp4bJ-FzO9EbidyOoHXcbsBhvq_uyktGGqBV3vkSUg-f-xh8i4kmyEbfHtCmH6h8hdfH5QpLZRGxbfeyfqZqjMMDsZEW0iyrcXfUGZOyOdLUNnWwgFUtdk6QCznZOnpB4izrYVMxNWNR0rjFCJDzA-jrmYQ6QySzsDUVUh-nwCM48xZZIObZ5Su6eVHLG3ZOVn--y_Iek6WHzyFbHB3LZVD-7xKy0KqzGCYNJDDGeTGDHm5g2JkQdY7YMVHkPx34jxzGNng9puqkn27EroPyXef83yHu10nWYmCyFkJqE9XYkF7Kz03EZ4b-ZHX8_aDkskM1CyhNBZKaaFMLJS5hQHftQOnFzCX-mEScbbqBDQIuIidqOc5Do3YKkrWOhijyMdg6RhMX0GuP_ya-6vCj1kwoejLT-eEXPOhy22YSw0Mt2AKgoo3qAVBbQhqSlBLgrogqKvmBk-NZ5qbPDVl7C66t-h-M1XFxoTeUMWGyAioHkPzZlPmH5irYMX_pqPE8KlqgcZFM6Uxbyb5HnmiDdu6ldfoi13b9zhNWJyEPAyjkHX9kHYpY8wLOXcE9WFkA2mWQI2FkZyT9dVXkMs5OfrJNmK6A5PugMnHQUsXtG5ALzUYZXf7glMZq77IO0wNwFWDvFhGcdmapHvkyHT9wtr2_qu_98cOBLtHFgWmG-S6wfvyF4KN9Pp0XdVkc13Vhnx3Ni_kQI5oexHnC1qI_99-S1yuleanTpjxrVdZS7TjnQvCFKdpxmW2Ycg3a5JzoU8qzQT58ZS5KOJzpbm0VuqszE-fe-3kqUGuhTFSZTNQOSeH_vwYTM7JkZ--2r_27gsPwfIrMPmBTqMI4nwJqSRIxcF3Gjcw_9rjg3lirmNDL4MWV5ENGlS6QZU2oOkYpjw0LXJ97-XfvmjrS8Tp8jRO9fJmnOr0szanX_fDauHnFn6Akbt214v9sNcLRRLyxOe-5_Oo64gooFEYREEXhZnLZ7-__08AAAD__6ex8A2fBAAA HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: 
image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\nvary: Origin\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: b894b985587d419d036f4a8ea2ca953e\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using 
HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":214,"timings":{"blocked":117,"dns":0,"connect":0,"send":0,"wait":97,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RSvY8cxRfsud_qF9gBH0aQjhABRtx6vnZuBwfAYQwWxrbORg4QQU93z7nZ2emhez7OGxksWRYBWiQCIGG29uzDxrIgIMSYPRJkCckbcYGPgL8AIRGjuVvp4AX13puaoKr6XZuUu8RHSXfOva1GMk3psV7XsZ-_KDOuamOfuWC7Ttc5bl-UWRgctzda0NVLrh90naP2G4IN1DHPcR3HdVz7pNQiURvH9ljI_E7kdiOnG3hdtxdgQ_93N6UFQy3wapc8Ccnnj_2RvAvJZsiG354QZlCo_MXXh2VKC6VR8a13skGm6gzDgzHRFpJsa_E3lJkT8vkSVLa1cABVbbYOEMs5WXr6EeJsayETcXVjX2mcQmSI-WHU1QwinUHSGZi6CskfEoBxnDmLbHjzjNI1vbzP0padk87ff0HWc9J59BSy4d3VVG7Y51VaFlJlBhtJA7kxg1yfIS-3UYwsyHobrPgIkv9KnGcOIxveflNVcmBXQg8g-c5znu9wt-cky1EQOcsB9elyLGh_ue8mwnMjP_L63l5QMpmBmiWUxkIpLZSJhTK3MOQ7duD0A-ZSP0wizlacgAYBF7ET9T3HoRFbQclaB2MU-RgsHYPpK8j1h19zf0X4MQsmFAP56ZyQaz50eR_mUgPDLZiCoOINakFQG4KaEtSSoC4I6qq5wVPjmeYmT00Zu4vuLbrfTFWxPqE3VLEuMgKqx9C82ZT5B-YqWPG_6SgxfKpaoHHRTGnMm0m-S55ow7Zu5TUGYsf2PU4TFichD8MoZD0_pD3KGPNCzh1BfRjZQJolUGNhJOdkbeUV5HJOjn5yHzHdhkm3weTjoKULWjeglxqMsrsDwamM1UDkXaaG4KpBXnRQXLYm6S45Ml27sHp_79Xf--1HCPaALApMN8h1g_flzwTr6fXpmqrJ5pqqDfnubF7IoRzR9iLOF7QQ_7_9lrhcK81PnTDjW6-ylmjHOxeEKU7TjMts3ZBvViXnQp9UmgnywylzUcTnSnNptdRZmZ8-99rJU8NcC2Okymagck4O_fkxmJyTI_e-2rv23gu_g-VXYPIDnUYRxHkHqSRIxcF3Gjcw_9rjg3lirmNdd0CLq8iGDSrdoEob0HQMUx6aFrl-8PIvX7T1JeK0M41T3dmMU51-1ub0Uwv3Wtjej83IHbvnxX7Y74ciCXnic9_zedRzRBTQKAyioIfCzOWz3z_8JwAA___cQ8EXnwQAAA==","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.287Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSvY8cxRfsud_qF9gBH0aQjhABRtx6vnZuBwfAYQwWxrbORg4QQU93z7nZ2emhez7OGxksWRYBWiQCIGG29uzDxrIgIMSYPRJkCckbcYGPgL8AIRGjuVvp4AX13puaoKr6XZuUu8RHSXfOva1GMk3psV7XsZ-_KDOuamOfuWC7Ttc5bl-UWRgctzda0NVLrh90naP2G4IN1DHPcR3HdVz7pNQiURvH9ljI_E7kdiOnG3hdtxdgQ_93N6UFQy3wapc8Ccnnj_2RvAvJZsiG354QZlCo_MXXh2VKC6VR8a13skGm6gzDgzHRFpJsa_E3lJkT8vkSVLa1cABVbbYOEMs5WXr6EeJsayETcXVjX2mcQmSI-WHU1QwinUHSGZi6CskfEoBxnDmLbHjzjNI1vbzP0padk87ff0HWc9J59BSy4d3VVG7Y51VaFlJlBhtJA7kxg1yfIS-3UYwsyHobrPgIkv9KnGcOIxveflNVcmBXQg8g-c5znu9wt-cky1EQOcsB9elyLGh_ue8mwnMjP_L63l5QMpmBmiWUxkIpLZSJhTK3MOQ7duD0A-ZSP0wizlacgAYBF7ET9T3HoRFbQclaB2MU-RgsHYPpK8j1h19zf0X4MQsmFAP56ZyQaz50eR_mUgPDLZiCoOINakFQG4KaEtSSoC4I6qq5wVPjmeYmT00Zu4vuLbrfTFWxPqE3VLEuMgKqx9C82ZT5B-YqWPG_6SgxfKpaoHHRTGnMm0m-S55ow7Zu5TUGYsf2PU4TFichD8MoZD0_pD3KGPNCzh1BfRjZQJolUGNhJOdkbeUV5HJOjn5yHzHdhkm3weTjoKULWjeglxqMsrsDwamM1UDkXaaG4KpBXnRQXLYm6S45Ml27sHp_79Xf--1HCPaALApMN8h1g_flzwTr6fXpmqrJ5pqqDfnubF7IoRzR9iLOF7QQ_7_9lrhcK81PnTDjW6-ylmjHOxeEKU7TjMts3ZBvViXnQp9UmgnywylzUcTnSnNptdRZmZ8-99rJU8NcC2Okymagck4O_fkxmJyTI_e-2rv23gu_g-VXYPIDnUYRxHkHqSRIxcF3Gjcw_9rjg3lirmNdd0CLq8iGDSrdoEob0HQMUx6aFrl-8PIvX7T1JeK0M41T3dm
MU51-1ub0Uwv3Wtjej83IHbvnxX7Y74ciCXnic9_zedRzRBTQKAyioIfCzOWz3z_8JwAA___cQ8EXnwQAAA== HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\nvary: Origin\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: a0ce8298fbd8da8008e3361ddc4411fd\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse 
proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":245,"timings":{"blocked":150,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 
Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/css/magic.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.693Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/css/magic.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://kedaibokep.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:50 GMT\r\ncontent-type: text/css\r\nserver: 
cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:55:56 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"68b9703c-affe\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=GICM%2BYqh%2BkiH%2BRb2j0apoh5A3Z%2FyZDdARoAFbdN9tnDPfsi2aAERRqtdYfkCnBggjnlfBhSzlUxRUUf5I4jP20UcRSPolhp%2F%2FQU%2FRIzu\"}]}\r\ncf-ray: 9a2ee7ff091a5691-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":45054,"size_decoded":0,"mime_type":"text/css","magic":"ASCII 
text","md5":"bcd1967f8c2604f55f57197de0ae895e","sha1":"c31a10c3ecde74b50450a0a1ad21aa474ff05e7d","sha256":"787eac5d9417257a04de7b18ef21f5ec887de3aee642ceba9a7d56a8209eea2a","sha512":"b37f1a61bbe740bc29308e664227701366ac978d4fbed081f13c47200edd74a792ab980559a236cff39ae27d3fda3ffffef3f1ac2dc420612b616496b44e9df8","ssdeep":"384:lQLl1pRp0itimTKDbObwHuHXFlF7FPFSWRyYyRZZZaZjZPfbfUO3OipypE:GpRp0itiFbObwHuHXFlF7FPFSWX","tlshash":"b913276b2dd2114086564365a3fe6b2c261c85c31c6becfab3a218ce8f1567c53db61f","first_seen":"2025-06-11T18:18:27.729381Z","last_seen":"2026-06-08T06:09:18.906639Z","times_seen":5703,"resource_available":false,"data":null}},"time_used":601,"timings":{"blocked":67,"dns":36,"connect":6,"send":0,"wait":463,"receive":0,"ssl":24},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.808Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 20:46:36 GMT","end":"Sun, 25 Jan 2026 21:44:54 GMT"},"fingerprint":{"sha1":"17:8B:5E:32:3A:E5:9A:3D:E5:18:EF:F0:DA:DE:C3:03:E7:2E:E2:17","sha256":"65:D5:7F:0D:8E:51:6B:E8:BB:44:A1:54:79:43:73:C4:82:1D:77:6C:11:F4:C3:70:8E:0E:AC:00:AC:1D:DB:2B"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/js/jquery.min.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:49 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:55:55 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: 
public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=mh8Ubjmpv0ZLR1XYncB6zxl6ZN1Z%2FvI7%2Fy47j1vnPuFu5Ip4x7x5l1RYrht061GrzCBMfapW7bgUSr9QhUacooLOUqimmjSuJLAgPPfy\"}]}\r\nage: 4325000\r\ncf-cache-status: HIT\r\netag: W/\"68b9703b-149a0\"\r\ncontent-encoding: br\r\ncf-ray: 9a2ee7ff393e5691-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":84384,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32025), with CRLF line terminators","md5":"6326c600df01e3bfb9b40e1aa08176f8","sha1":"6b4fb754d29b297b539bf62ba9b4eaf0f33f314a","sha256":"df34524351c5fabc921a89183b5da5667aebd7b9e9a1c52255c76ff722935ea3","sha512":"641aaeecb9b89bcc319cabfef18f76faa9b1ba79f9de30c6d07f22d385fc78ac3f11a718fe9ec96f8a13d82e3dff4ca34944ccb449a4ef8e378ad65dfad581c0","ssdeep":"1536:oP10iSi65U/dXXeyhzeBuG+HYE0mdDuJO1z6Oy4sh3J1x72BjmN7TwpDKba98Hri:f+41hJiz6fhdlTqya98Hri","tlshash":"eb83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","first_seen":"2023-03-07T01:10:11Z","last_seen":"2026-06-09T23:55:24.602041Z","times_seen":12081,"resource_available":true,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare 
DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/watch.20213942120.js?key=547d8fd3bf5eca459123df29d60ae120\u0026kw=%5B%22official1auraa%22%2C%22archives%22%2C%22-%22%2C%22kedai%22%2C%22bokep%22%5D\u0026refer=https%3A%2F%2Fkedaibokep.com%2Ftag%2Fofficial1auraa%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.464Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 
GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /watch.20213942120.js?key=547d8fd3bf5eca459123df29d60ae120\u0026kw=%5B%22official1auraa%22%2C%22archives%22%2C%22-%22%2C%22kedai%22%2C%22bokep%22%5D\u0026refer=https%3A%2F%2Fkedaibokep.com%2Ftag%2Fofficial1auraa%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://kedaibokep.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:48 GMT\r\nContent-Type: text/html\r\nContent-Length: 0\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://kedaibokep.com\r\naccess-control-allow-credentials: true\r\nlocation: 
https://kettledroopingcontinuation.com/watch.20213942120.js?dev=e\u0026key=547d8fd3bf5eca459123df29d60ae120\u0026kw=%5B%22official1auraa%22%2C%22archives%22%2C%22-%22%2C%22kedai%22%2C%22bokep%22%5D\u0026pst=1763882508\u0026rb=\u0026refer=https%3A%2F%2Fkedaibokep.com%2Ftag%2Fofficial1auraa%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=629c9d810fc689fc3640a18c7724e2dafada30dbd6aff71fd03dd8623af9911cdd32c414d8f649934dda2d52f38f8a90a13f0311f8f514b038b8e40c9c4bc10576bd38e1f6d72b51028edcaa10571b91942172c757d99c892e8382\u0026tz=0\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\r\nset-cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.lgpn5CWqMIQOnAcJWQj2BoFLhkbKonZlINzdYlOyigo; expires=Sun, 23 Nov 2025 07:21:48 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 3\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: d411908d22d928c5bfadc1d3c1d28b62\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5069,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":389,"timings":{"blocked":-1,"dns":10,"connect":93,"send":0,"wait":101,"receive":1,"ssl":191},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat 
Feed","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/uploads/2025/09/617.jpg","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.526Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/uploads/2025/09/617.jpg HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nCookie: 
_ga_3E31P8KF13=GS2.1.s1763882448$o1$g0$t1763882448$j60$l0$h0; _ga=GA1.1.1454402186.1763882448; dom3ic8zudi28v8lr6fgphwffqoz0j6c=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/uploads/2025/08/58.jpg","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.657Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/uploads/2025/08/58.jpg HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nCookie: _ga_3E31P8KF13=GS2.1.s1763882448$o1$g0$t1763882448$j60$l0$h0; _ga=GA1.1.1454402186.1763882448; dom3ic8zudi28v8lr6fgphwffqoz0j6c=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:48 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 
35210\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 30 Nov 2025 07:20:48 GMT\r\netag: \"898a-6908fce7-17b7ed;;;\"\r\nlast-modified: Mon, 03 Nov 2025 19:05:11 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=08dAPwrm%2FsVr3kqH5hJUI8h%2FMxXaBh4jONhE3S7cHAJ1MX9GnkwHHgzhY0UPTJuzlt95YhlkLh3Wd%2Bf1lt5gfy0ZHAFkwnzac91J6g%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee7f7da1056a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for 
WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":35210,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, progressive, precision 8, 320x180, components 3","md5":"4d69a21d3fcd0b853a499bd5f8b324c4","sha1":"e21ef35397b4d019a54831a27649efc6bfae2c3c","sha256":"3d7b88d6ac01735354ebcd105836dffbe251f39131133b0fc0839ea46745202f","sha512":"d3f9c0cb0ed63543ec9c92b2272ac4d759d1b7e5b9d5817c6587c0ba03a0b5e46e2dc230a38bb3d2302461fe1a021c0e42c4fd3dd8deac42bb4537014ef8581a","ssdeep":"768:JA2gWG1/N24vjplvD5B3CIRtq1mZWL1y+EEmK0:JA2W1/w4nD5BXRiRM+/mL","tlshash":"79f2f18fce249709e2dc993798f608f7822ec844a462f3fb002565b0dddc9d14dbd655","first_seen":"2025-11-23T07:21:30.205585Z","last_seen":"2025-11-23T07:21:30.205585Z","times_seen":1,"resource_available":false,"data":null}},"time_used":138,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":106,"receive":32,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/uploads/2025/08/48.jpg","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.660Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/uploads/2025/08/48.jpg HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nCookie: _ga_3E31P8KF13=GS2.1.s1763882448$o1$g0$t1763882448$j60$l0$h0; _ga=GA1.1.1454402186.1763882448; dom3ic8zudi28v8lr6fgphwffqoz0j6c=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:48 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 
10394\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 30 Nov 2025 07:20:48 GMT\r\netag: \"289a-6908fce7-17b658;;;\"\r\nlast-modified: Mon, 03 Nov 2025 19:05:11 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JA4P%2F%2FT9X%2FPyeZONssbmYWbUw3g7pAkyrMG4%2FiQDmJgSYeMrJ5zTIltKLOVO3iIK3u9n7zQs0CpnaMA7gstd4BaPV61UYBNYuO0Y0w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee7f7da1956a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web 
server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":10394,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, Exif Standard: [TIFF image data, little-endian, direntries=6, orientation=upper-left, xresolution=86, yresolution=94, resolutionunit=2], progressive, precision 8, 658x370, components 3","md5":"9e3ee379c0bc1f37b16441b7c28aa2d3","sha1":"9ccce2fc1774a2d60ff1fb62a1c44ec5b350f0dd","sha256":"b040a650d1ff88e7853745b56727b0ca6b0272cc1e0f30843332396625b912f4","sha512":"fb1b36aaec1f47b853a8f176ab5e16fba095688b17cf121acf715b752c0bb27743f72639e20191b97e54614485387cc87102360a4cbf093e9575965dbaf2d71e","ssdeep":"192:v9zGlncxteHEdOJhvszooCHof2BkNIrErkt0g90C6VwamlcyY5sNt0w:v9zocxzdOJhvszooNfYk6Heg90CMwa0T","tlshash":"2d228d3b6b5906eac4240f396c670a41eb2cbd34b655b68bff846614ce4e2746ff50c8","first_seen":"2025-11-23T07:21:30.207006Z","last_seen":"2025-11-23T07:21:30.207006Z","times_seen":1,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":38,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RSz48URRitXice4OAPjF47xoMYd-hf0zstB3VFlIhAFgwH46G6qnopp6erreofy5xQEkI8mDHxoF7sebOwgoTowZNKyKweDIkJc3Jj2It_gTHxbHqZZPU7vO_7-vXhvVfflUm5S3yUdOfM22ok05Qe6XUd-_nzMuOqNvapc7brdJ2j9nmZhcFRe6MFXb3k-kHXOWy_IdhAHfEc13Fcx7WPSy0StXFkj4XMb0VuN3K6gdd1ewE29P93U1ow1AKvdsmTkHz-2J_Ju5Bshmz47TFhBoXKX3x9WKa0UBoV33onG2SqzjDcHxNtIcm2Fn9DmTkhny9BZVsLB1DVZusAsZyTpacfIM62FjIRV9ceKo1TiAwxP4i6mkGkM0g6A1OXIfl9AjCOU6eRDa-fUrqmFx-ytGXnpPPP35D1nHQePIVseHs1lRv2WZWWhVSZwUbSQG7MINdnyMttFCMLst4GKz6C5L8R55mDyIY331SVHNiV0ANIvvOc5zvc7TnJchREznJAfbocC9pf7ruJ8NzIj7y-txeUTGagZgmlsVBKC2ViocwtDPmOHTj9gLnUD5OIsxUnoEHARexEfc9xaMRWULLWwRhFPgZLx2D6EnL94dfcXxF-zIIJxUB-Oifkig9d3oW50MBwC6YgqHiDWhDUhqCmBLUkqAuCumqu8dR4prnOU1PG7qJ7i-43U1WsT-g1VayLjIDqMTRvNmX-gbkMVjwyHSWGT1ULNC6aKY15M8l3yRNt2NaNvMZA7Ni-x2nC4iTkYRiFrOeHtEcZY17IuSOoDyMbSLMEaiyM5JysrbyCXM7J4U_uIqbbMOk2mHwctHRB6wb0QoNRdnsgOJWxGoi8y9QQXDXIiw6Ki9Yk3SWHpmvnVu_uvfp7v_8Awe6RRYHpBrlu8L78mWA9vTpdUzXZXFO1Id-dzgs5lCPaXsTZghbi0ZtviYu10vzEMTO-8SpriXa8dU6Y4iTNuMzWDflmVXIu9HGlmSA_nTDnRXymNBdWS52V-ckzrx0_Mcy1MEaqbAYq5-TAXx-DyTk5dOervWvvvfAHWH4JJt_XaRRBnHeQSoJU7H-ncQPznz3enyfmKtZ1B7S4jGzYoNINqrQBTccw5YFpket7L__6RVtfIk470zjVnc041elnbU53WvixhV8exmbkjt3zYj_s90ORhDzxue_5POo5IgpoFAZR0ENh5vLZ7-__GwAA__8M1CXOnwQAAA==","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.369Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSz48URRitXice4OAPjF47xoMYd-hf0zstB3VFlIhAFgwH46G6qnopp6erreofy5xQEkI8mDHxoF7sebOwgoTowZNKyKweDIkJc3Jj2It_gTHxbHqZZPU7vO_7-vXhvVfflUm5S3yUdOfM22ok05Qe6XUd-_nzMuOqNvapc7brdJ2j9nmZhcFRe6MFXb3k-kHXOWy_IdhAHfEc13Fcx7WPSy0StXFkj4XMb0VuN3K6gdd1ewE29P93U1ow1AKvdsmTkHz-2J_Ju5Bshmz47TFhBoXKX3x9WKa0UBoV33onG2SqzjDcHxNtIcm2Fn9DmTkhny9BZVsLB1DVZusAsZyTpacfIM62FjIRV9ceKo1TiAwxP4i6mkGkM0g6A1OXIfl9AjCOU6eRDa-fUrqmFx-ytGXnpPPP35D1nHQePIVseHs1lRv2WZWWhVSZwUbSQG7MINdnyMttFCMLst4GKz6C5L8R55mDyIY331SVHNiV0ANIvvOc5zvc7TnJchREznJAfbocC9pf7ruJ8NzIj7y-txeUTGagZgmlsVBKC2ViocwtDPmOHTj9gLnUD5OIsxUnoEHARexEfc9xaMRWULLWwRhFPgZLx2D6EnL94dfcXxF-zIIJxUB-Oifkig9d3oW50MBwC6YgqHiDWhDUhqCmBLUkqAuCumqu8dR4prnOU1PG7qJ7i-43U1WsT-g1VayLjIDqMTRvNmX-gbkMVjwyHSWGT1ULNC6aKY15M8l3yRNt2NaNvMZA7Ni-x2nC4iTkYRiFrOeHtEcZY17IuSOoDyMbSLMEaiyM5JysrbyCXM7J4U_uIqbbMOk2mHwctHRB6wb0QoNRdnsgOJWxGoi8y9QQXDXIiw6Ki9Yk3SWHpmvnVu_uvfp7v_8Awe6RRYHpBrlu8L78mWA9vTpdUzXZXFO1Id-dzgs5lCPaXsTZghbi0ZtviYu10vzEMTO-8SpriXa8dU6Y4iTNuMzWDflmVXIu9HGlmSA_nTDnRXymNBdWS52V-ckzrx0_Mcy1MEaqbAYq5-TAXx-DyTk5dOervWvvvfAHWH4JJt_XaRRBnHeQSoJU7H-ncQPznz3enyfmKtZ1B7S4jGzYoNINqrQBTccw5YFpket7L__6RVtfIk470zjVnc0
41elnbU53WvixhV8exmbkjt3zYj_s90ORhDzxue_5POo5IgpoFAZR0ENh5vLZ7-__GwAA__8M1CXOnwQAAA== HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 345866d56459d576caa7cf2a5884b0d3\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":282,"timings":{"blocked":184,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/c8/94/cc/c894ccad032c11990b8570c24074d6bc/1756656403.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.579Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/c8/94/cc/c894ccad032c11990b8570c24074d6bc/1756656403.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 78672\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 31 Aug 2025 16:06:44 GMT\r\netag: \"68b47314-13350\"\r\nexpires: Tue, 25 Nov 2025 07:20:49 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":78672,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:29 16:40:19], progressive, precision 8, 300x250, components 
3","md5":"066e20100222b78fe9405d18539da6e4","sha1":"aa5e3d971a8d26f99b7fdc0ddacc61c062cd1776","sha256":"0af13aebc4a03fef7e5e9050db1d797bb81bf9f64227866392cb7b97ec045085","sha512":"5c6c20ab83609a25576880ddf9b35f93481a165e6ddd174dd086022bd660d9b1936b8edb37c46d7f0cdbbcd77cbf9753bb7d8b8757692266d45c64dceebb02b0","ssdeep":"1536:BHEqIkq/HEqIkq7lE6c/Fs27oxQhHXNFv3fEH3j0sF6:Bk1kq/k1kqp74HhHv38H3/6","tlshash":"e773f158bb45ee23f8d35b730873e7875a13ae24a3971e90708c7520f7f5b54080e616","first_seen":"2025-09-02T19:16:52.557605Z","last_seen":"2026-05-18T20:03:54.4044Z","times_seen":1185,"resource_available":false,"data":null}},"time_used":257,"timings":{"blocked":95,"dns":0,"connect":0,"send":0,"wait":89,"receive":73,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/24/18/2c/24182cd4e6f42aedf1491fdd2c696f03.js","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.243","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.606Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /24/18/2c/24182cd4e6f42aedf1491fdd2c696f03.js HTTP/1.1\r\nHost: 
kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:48 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3422\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: d096a9838290cca2d0b00a0e51c235a8\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6461,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6461), with no line terminators","md5":"26ce7791f08fb671816e8ac15c21abcc","sha1":"cd121446322214f9ee849fadd1686452f9acf3a9","sha256":"e039e804b7483aec11801d7a306db1603f9c6d5f562340f9a5dbeda753c0224d","sha512":"01af678dd36e5bcfaf95c43fee3d7ac605299c1aca9187b5b330dffac03c16910e373e8ccb57e00c66810daff06b475d561370c05abe8a3beb00f5f9f950c409","ssdeep":"96:PKheeIZELV3rtYwDxXvH9VLgjY6oB/rCKTQ3l35AcOrzYdOtkiz9u5Z4tTpfn7:Pbj6VbjxXvw8zTCKTvlSQpfn7","tlshash":"b9d185883e81f0d513a3b5779a3f6549b3ad6814549fd804e107a0d03e2ce2ae97b6a5","first_seen":"2025-10-22T08:34:06.793976Z","last_seen":"2025-12-01T10:40:04.095127Z","times_seen":3160,"resource_available":true,"data":null}},"time_used":96,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":95,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/watch.276880797680.js?key=6b59e6699e45dd3d2d19a55f904013ec\u0026kw=%5B%22official1auraa%22%2C%22archives%22%2C%22-%22%2C%22kedai%22%2C%22bokep%22%5D\u0026refer=https%3A%2F%2Fkedaibokep.com%2Ftag%2Fofficial1auraa%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=ebdc7005-819f-4162-86c5-1bcf9c5d0a4d%3A2%3A1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.438Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 22:01:12 GMT","end":"Sat, 24 Jan 2026 22:01:11 GMT"},"fingerprint":{"sha1":"15:FA:E2:08:0A:F1:68:03:29:64:51:B0:FA:3B:8E:DD:DC:B7:CD:01","sha256":"F8:EA:EA:FF:5A:CA:9D:E1:82:F0:8C:3C:7C:6B:FB:06:8F:72:6C:0E:64:EF:7B:3B:2B:21:25:C2:25:7D:0C:BD"}}},"request":{"raw":"GET /watch.276880797680.js?key=6b59e6699e45dd3d2d19a55f904013ec\u0026kw=%5B%22official1auraa%22%2C%22archives%22%2C%22-%22%2C%22kedai%22%2C%22bokep%22%5D\u0026refer=https%3A%2F%2Fkedaibokep.com%2Ftag%2Fofficial1auraa%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=ebdc7005-819f-4162-86c5-1bcf9c5d0a4d%3A2%3A1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://kedaibokep.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:48 GMT\r\nContent-Type: text/html\r\nContent-Length: 0\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: 
Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://kedaibokep.com\r\naccess-control-allow-credentials: true\r\nlocation: https://kettledroopingcontinuation.com/watch.276880797680.js?dev=e\u0026key=6b59e6699e45dd3d2d19a55f904013ec\u0026kw=%5B%22official1auraa%22%2C%22archives%22%2C%22-%22%2C%22kedai%22%2C%22bokep%22%5D\u0026pst=1763882508\u0026rb=\u0026refer=https%3A%2F%2Fkedaibokep.com%2Ftag%2Fofficial1auraa%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=4d266fb1016c63eed670b761685e9de57aa317850f0080e74066ad9dd3aa80805b16d20d10110ce5e0ed603960ff00e9d01a95622cc9ef413da18bfb6be03f81f67b4024910637c42e0cb4c5577fa70184d5943af481029d47da8d\u0026tz=0\u0026uuid=ebdc7005-819f-4162-86c5-1bcf9c5d0a4d%3A2%3A1\r\nset-cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.A468vx-kS2q8L3-7GVglKTGusr-QswmVsHR_ooYwtok; expires=Sun, 23 Nov 2025 07:21:48 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 1\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: bd83609be0d2ad4982d27e273b8f36bb\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail 
proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":4653,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":695,"timings":{"blocked":307,"dns":10,"connect":91,"send":0,"wait":95,"receive":0,"ssl":190},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/97/fc/e4/97fce4537c0f81f954d679ccebe0c47c.js","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.443Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 00:22:29 GMT","end":"Wed, 28 Jan 2026 00:22:28 GMT"},"fingerprint":{"sha1":"AA:F8:F2:CD:8F:90:E0:34:26:52:5F:28:83:02:25:29:22:DE:BB:79","sha256":"E5:C6:96:84:40:94:64:CB:57:23:67:51:0E:0F:27:85:86:63:98:09:63:88:91:67:0A:01:DC:33:5A:53:16:A6"}}},"request":{"raw":"GET /97/fc/e4/97fce4537c0f81f954d679ccebe0c47c.js HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: 
*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:48 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3422\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: d50831fe3dbfd16e188ef6f4e9f89a4f\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs 
browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6461,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6461), with no line terminators","md5":"26ce7791f08fb671816e8ac15c21abcc","sha1":"cd121446322214f9ee849fadd1686452f9acf3a9","sha256":"e039e804b7483aec11801d7a306db1603f9c6d5f562340f9a5dbeda753c0224d","sha512":"01af678dd36e5bcfaf95c43fee3d7ac605299c1aca9187b5b330dffac03c16910e373e8ccb57e00c66810daff06b475d561370c05abe8a3beb00f5f9f950c409","ssdeep":"96:PKheeIZELV3rtYwDxXvH9VLgjY6oB/rCKTQ3l35AcOrzYdOtkiz9u5Z4tTpfn7:Pbj6VbjxXvw8zTCKTvlSQpfn7","tlshash":"b9d185883e81f0d513a3b5779a3f6549b3ad6814549fd804e107a0d03e2ce2ae97b6a5","first_seen":"2025-10-22T08:34:06.793976Z","last_seen":"2025-12-01T10:40:04.095127Z","times_seen":3160,"resource_available":true,"data":null}},"time_used":742,"timings":{"blocked":321,"dns":30,"connect":94,"send":0,"wait":98,"receive":1,"ssl":192},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/8d/e9/ae/8de9ae4b0e4b914d604a7e4b56139ffe.js","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.584Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 00:22:29 GMT","end":"Wed, 28 Jan 2026 00:22:28 GMT"},"fingerprint":{"sha1":"AA:F8:F2:CD:8F:90:E0:34:26:52:5F:28:83:02:25:29:22:DE:BB:79","sha256":"E5:C6:96:84:40:94:64:CB:57:23:67:51:0E:0F:27:85:86:63:98:09:63:88:91:67:0A:01:DC:33:5A:53:16:A6"}}},"request":{"raw":"GET /8d/e9/ae/8de9ae4b0e4b914d604a7e4b56139ffe.js HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:48 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3422\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: 
sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 12b0c3aeb70d1c8b1c9ae42965edface\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6461,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6461), with no line 
terminators","md5":"26ce7791f08fb671816e8ac15c21abcc","sha1":"cd121446322214f9ee849fadd1686452f9acf3a9","sha256":"e039e804b7483aec11801d7a306db1603f9c6d5f562340f9a5dbeda753c0224d","sha512":"01af678dd36e5bcfaf95c43fee3d7ac605299c1aca9187b5b330dffac03c16910e373e8ccb57e00c66810daff06b475d561370c05abe8a3beb00f5f9f950c409","ssdeep":"96:PKheeIZELV3rtYwDxXvH9VLgjY6oB/rCKTQ3l35AcOrzYdOtkiz9u5Z4tTpfn7:Pbj6VbjxXvw8zTCKTvlSQpfn7","tlshash":"b9d185883e81f0d513a3b5779a3f6549b3ad6814549fd804e107a0d03e2ce2ae97b6a5","first_seen":"2025-10-22T08:34:06.793976Z","last_seen":"2025-12-01T10:40:04.095127Z","times_seen":3160,"resource_available":true,"data":null}},"time_used":392,"timings":{"blocked":-1,"dns":1,"connect":94,"send":0,"wait":106,"receive":1,"ssl":188},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-includes/js/wp-emoji-release.min.js?ver=6.8.3","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.668Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-includes/js/wp-emoji-release.min.js?ver=6.8.3 HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nCookie: _ga_3E31P8KF13=GS2.1.s1763882448$o1$g0$t1763882448$j60$l0$h0; _ga=GA1.1.1454402186.1763882448; dom3ic8zudi28v8lr6fgphwffqoz0j6c=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:48 GMT\r\ncontent-type: text/javascript\r\ncontent-length: 4724\r\netag: 
\"4b33-6908fa63-14a898;br\"\r\nlast-modified: Mon, 03 Nov 2025 18:54:27 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\npriority: u=3,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=NdwAw45E7JaNBTeNe3mCDWynk1cGMxGiasNZgI7UMIalO6tCei4aSCWBh1rQfWVUDkCEXUVVKP117k5YI9Tg7IK3eUlrH7miLsEF3w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee7f7da1f56a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server 
services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19251,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (16277)","md5":"c4b50535f3e989a77d537d5486342d47","sha1":"2a1cc988298c022def9376bd54f608f44154071a","sha256":"db8ee8be2b2456c191fc0739f34f6ac675af8ba4782380cf233024498e0eb968","sha512":"be3b974332c4dadc30025aa911fde008442c9f4966ade014a7b8f05926688e30b9fdc32ebdbdd53fe32fc3f4d9c6ac2310b98dc6602843f2d8f00b1ded4e9b83","ssdeep":"384:WAevzW+ZTbXUH3o//bEPhXgA5H1efAJmpr:WF6UXUH3o//YpXgAGfACr","tlshash":"d782fa9bb33a4e8f343e3bd7cd968f4dc9da555321c0e078dbeeb68169a00568274c90","first_seen":"2025-05-09T23:23:48.206606Z","last_seen":"2026-06-10T01:38:17.628329Z","times_seen":208188,"resource_available":true,"data":null}},"time_used":104,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":104,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/ae/79/89/ae7989f2633270f8048003ed9cebf55b/1756661969.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.292Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/ae/79/89/ae7989f2633270f8048003ed9cebf55b/1756661969.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 100950\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 31 Aug 2025 17:39:29 GMT\r\netag: \"68b488d1-18a56\"\r\nexpires: Tue, 25 Nov 2025 07:20:49 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail 
proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":100950,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:30 15:27:26], progressive, precision 8, 320x240, components 3","md5":"5188b48a2994b55c67b2211a8ed9208d","sha1":"bb1c8a605f489997516d624fbd593b3639e517f8","sha256":"571cbce9dfe4866d792c5bee341d78496f485c467f62fc02b05ceefb08ec6640","sha512":"e399ae6cb27bb09cf3b6103ddb797913f01b43bdafe23d901cd146ed2d544950268e28dd3ee6636fc04d0e6b3c46efdf4141e79de3cfeecd7f18e98e3ab25905","ssdeep":"3072:ooliolMDPZveGJW14aqv8nDsabzPqaqEGf:H92Nzv8UaqJ","tlshash":"bda3f12d6b69ce53f4d4277d3aa38ac68751a91253a3b7843cbd504933b064dbcce907","first_seen":"2025-09-02T18:27:26.483242Z","last_seen":"2026-05-24T23:15:49.41749Z","times_seen":1368,"resource_available":false,"data":null}},"time_used":860,"timings":{"blocked":381,"dns":1,"connect":21,"send":0,"wait":31,"receive":64,"ssl":359},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RSPW8dRRSdNU8UScFHELQrRJFI-GW_3votKQATAhEhiZygFCjF7MysM7x9O8vMfjiuApGiiAIZiQJoWJ_nxCREERR0fETPCAlFAmULhIu44QcghESN1n6S4Rbn3rtni3PO3Gvr5Q7xUdLts2-qVZmm9Oig79iHL8iMq9rYp8_brtN3jtkXZBYGx-yVDnT1gusHfeeI_ZpgI3XUc1zHcR3XPiG1SNTK0V0WMr8Tuf3I6Qde3x0EWNH_301pwVALvNohT0Ly9rE_krch2RTZ-KvjwowKlT__6rhMaaE0Kr75VjbKVJ1hvD8m2kKSbc7-hjItIZ_MQWWbMwdQ1UbnALFsydzTDxFnmzOZiKsbe0rjFCJDzA-irqYQ6RSSTsHUVUj-gACM4_QZZOObp5Wu6eU9lnZsS3r__A1Zt6T38Clk47uLqVyxz6m0LKTKDFaSBnJlCrk8RV5uoVi1IOstsOJ9SP4LcZ45iGx8-3VVyZFdCT2C5NvPeb7D3YGTzEdB5MwH1KfzsaDD-aGbCM-N_MgbertByWQKauZQGgultFAmFsrcwphv24EzDJhL_TCJOFtwAhoEXMRONPQch0ZsASXrHKyhyNfA0jUwfQW5fu8L7i8I
P2bBOsVIftQScs2HLu_BXGpguAVTEFS8QS0IakNQU4JaEtQFQV01N3hqPNPc5KkpY3fWvVn3m4kqltfpDVUsi4yA6jVo3mzI_F1zFax4ZLKaGD5RHdC4aCY05s16vkOe6MK2buU1RmLb9j1OExYnIQ_DKGQDP6QDyhjzQs4dQX0Y2UCaOVBjYVW2ZGnhJeSyJUc-vIeYbsGkW2DycdDSBa0b0EsNVrO7I8GpjNVI5H2mxuCqQV70UFy21tMdcmiydH7x3u6rX_ztVwh2n8wKTDfIdYN35I8Ey-n1yZKqycaSqg35-kxeyLFcpd1FnCtoIR69_Ya4XCvNTx43a7deZh3RjXfOC1OcohmX2bIhXy5KzoU-oTQT5LuT5oKIz5bm0mKpszI_dfaVEyfHuRbGSJVNQWVLDvz1AZhsyaHvP9-99sHhP8HyKzD5vk6jCOK8h1QSpGL_O40bmP_s8f68bq5jWfdAi6vIxg0q3aBKG9B0DaY8MClyff_Fnz_t6jPEaW8Sp7q3Eac6_bglF3__qYNvO_hhLzYjt-2BF_vhcBiKJOSJz33P59HAEVFAozCIggEK08pnv3nwbwAAAP__YqB-iJ8EAAA=","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.332Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET 
/ren.gif?sid=H4sIAAAAAAAC_1RSPW8dRRSdNU8UScFHELQrRJFI-GW_3votKQATAhEhiZygFCjF7MysM7x9O8vMfjiuApGiiAIZiQJoWJ_nxCREERR0fETPCAlFAmULhIu44QcghESN1n6S4Rbn3rtni3PO3Gvr5Q7xUdLts2-qVZmm9Oig79iHL8iMq9rYp8_brtN3jtkXZBYGx-yVDnT1gusHfeeI_ZpgI3XUc1zHcR3XPiG1SNTK0V0WMr8Tuf3I6Qde3x0EWNH_301pwVALvNohT0Ly9rE_krch2RTZ-KvjwowKlT__6rhMaaE0Kr75VjbKVJ1hvD8m2kKSbc7-hjItIZ_MQWWbMwdQ1UbnALFsydzTDxFnmzOZiKsbe0rjFCJDzA-irqYQ6RSSTsHUVUj-gACM4_QZZOObp5Wu6eU9lnZsS3r__A1Zt6T38Clk47uLqVyxz6m0LKTKDFaSBnJlCrk8RV5uoVi1IOstsOJ9SP4LcZ45iGx8-3VVyZFdCT2C5NvPeb7D3YGTzEdB5MwH1KfzsaDD-aGbCM-N_MgbertByWQKauZQGgultFAmFsrcwphv24EzDJhL_TCJOFtwAhoEXMRONPQch0ZsASXrHKyhyNfA0jUwfQW5fu8L7i8IP2bBOsVIftQScs2HLu_BXGpguAVTEFS8QS0IakNQU4JaEtQFQV01N3hqPNPc5KkpY3fWvVn3m4kqltfpDVUsi4yA6jVo3mzI_F1zFax4ZLKaGD5RHdC4aCY05s16vkOe6MK2buU1RmLb9j1OExYnIQ_DKGQDP6QDyhjzQs4dQX0Y2UCaOVBjYVW2ZGnhJeSyJUc-vIeYbsGkW2DycdDSBa0b0EsNVrO7I8GpjNVI5H2mxuCqQV70UFy21tMdcmiydH7x3u6rX_ztVwh2n8wKTDfIdYN35I8Ey-n1yZKqycaSqg35-kxeyLFcpd1FnCtoIR69_Ya4XCvNTx43a7deZh3RjXfOC1OcohmX2bIhXy5KzoU-oTQT5LuT5oKIz5bm0mKpszI_dfaVEyfHuRbGSJVNQWVLDvz1AZhsyaHvP9-99sHhP8HyKzD5vk6jCOK8h1QSpGL_O40bmP_s8f68bq5jWfdAi6vIxg0q3aBKG9B0DaY8MClyff_Fnz_t6jPEaW8Sp7q3Eac6_bglF3__qYNvO_hhLzYjt-2BF_vhcBiKJOSJz33P59HAEVFAozCIggEK08pnv3nwbwAAAP__YqB-iJ8EAAA= HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: 
image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 8\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 4982a036a7ce5f14f394308bdca7869f\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse 
proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":266,"timings":{"blocked":161,"dns":0,"connect":0,"send":0,"wait":105,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/db/3f/4e/db3f4e9bb2563c5d90aa30fa2047a623/1756661871.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.477Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/db/3f/4e/db3f4e9bb2563c5d90aa30fa2047a623/1756661871.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 82015\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 31 Aug 2025 17:37:51 GMT\r\netag: \"68b4886f-1405f\"\r\nexpires: Tue, 25 Nov 2025 07:20:49 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail 
proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":82015,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:30 15:56:38], progressive, precision 8, 320x240, components 3","md5":"a5e99008dec3cc78ac2ef712db916e71","sha1":"1727aa543c5a16969ae1c767b2b488f7deedc7c0","sha256":"809ba0ce4ca09a627e04907b7b4b850651bb1bc6fbe8c3fa28e95649a89ffa58","sha512":"6621cc914d11088d1b4b4ef9f59d0452217bd3886d95a7a6d6ae3a133b909eb1977797657d398380c9b036387c4361d783d77e0f5a6150a90a0a32de2b55f323","ssdeep":"1536:0f4FYf4FJxFgOsbKS46bxlW8k0rn2rcV4Kbf9FieN5LjS6:0IYIDUbPRxPvreOf9FierN","tlshash":"f783f1207fd6ac11f7eca178095cc7a4e7a09e667e17225ab8fc72a53730391eac144d","first_seen":"2025-09-02T18:27:26.453754Z","last_seen":"2026-05-23T19:23:26.522994Z","times_seen":1357,"resource_available":false,"data":null}},"time_used":355,"timings":{"blocked":196,"dns":0,"connect":0,"send":0,"wait":88,"receive":71,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RSvY8cxRfsud_qF9gBH0aQjhABRtx6vnZuBwfAYQwWxrbORg4QQU93z7nZ2emhez7OGxksWRYBWiQCIGG29uzDxrIgIMRYe06QJSRvxAW-AP4ChESM5m6lgxfUe29qgqrqd21S7hIfJd05964ayTSlx3pdx37xosy4qo195oLtOl3nuH1RZmFw3N5oQVevuH7QdY7abwk2UMc8x3Uc13Htk1KLRG0c22Mh8zuR242cbuB13V6ADf3f3ZQWDLXAq13yNCSfP_FH8j4kmyEbfn9CmEGh8pffHJYpLZRGxbfeywaZqjMMD8ZEW0iyrcXfUGZOyJdLUNnWwgFUtdk6QCznZOnZx4izrYVMxNWNfaVxCpEh5odRVzOIdAZJZ2DqKiR_RADGceYssuHNM0rX9PI-S1t2Tjp__wVZz0nn8TPIhndXU7lhn1dpWUiVGWwkDeTGDHJ9hrzcRjGyIOttsOITSP4rcZ47jGx4-21VyYFdCT2A5DsveL7D3Z6TLEdB5CwH1KfLsaD95b6bCM-N_Mjre3tByWQGapZQGgultFAmFsrcwpDv2IHTD5hL_TCJOFtxAhoEXMRO1Pcch0ZsBSVrHYxR
5GOwdAymryDXH3_L_RXhxyyYUAzk53NCrvnQ5X2YSw0Mt2AKgoo3qAVBbQhqSlBLgrogqKvmBk-NZ5qbPDVl7C66t-h-M1XF-oTeUMW6yAioHkPzZlPmH5mrYMX_pqPE8KlqgcZFM6Uxbyb5LnmqDdu6ldcYiB3b9zhNWJyEPAyjkPX8kPYoY8wLOXcE9WFkA2mWQI2FkZyTtZXXkMs5OfrZfcR0GybdBpNPgpYuaN2AXmowyu4OBKcyVgORd5kagqsGedFBcdmapLvkyHTtwur9vVf_4LcZBHtIFgWmG-S6wYfyAcF6en26pmqyuaZqQ344mxdyKEe0vYjzBS3E_2-_Iy7XSvNTJ8z41uusJdrxzgVhitM04zJbN-S7Vcm50CeVZoL8dMpcFPG50lxaLXVW5qfPvXHy1DDXwhipshmonJNDf34KJufkyL1v9q6999LvYPkVmPxAp1EEcd5BKglScfCdxg3Mv_b4YJ6Y61jXHdDiKrJhg0o3qNIGNB3DlIemRa4fvvrLV219jTjtTONUdzbjVKdftDn93MK9Fh7sx2bkjt3zYj_s90ORhDzxue_5POo5IgpoFAZR0ENh5vL5Hx_9EwAA__9FcWkznwQAAA==","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.527Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET 
/ren.gif?sid=H4sIAAAAAAAC_1RSvY8cxRfsud_qF9gBH0aQjhABRtx6vnZuBwfAYQwWxrbORg4QQU93z7nZ2emhez7OGxksWRYBWiQCIGG29uzDxrIgIMRYe06QJSRvxAW-AP4ChESM5m6lgxfUe29qgqrqd21S7hIfJd05964ayTSlx3pdx37xosy4qo195oLtOl3nuH1RZmFw3N5oQVevuH7QdY7abwk2UMc8x3Uc13Htk1KLRG0c22Mh8zuR242cbuB13V6ADf3f3ZQWDLXAq13yNCSfP_FH8j4kmyEbfn9CmEGh8pffHJYpLZRGxbfeywaZqjMMD8ZEW0iyrcXfUGZOyJdLUNnWwgFUtdk6QCznZOnZx4izrYVMxNWNfaVxCpEh5odRVzOIdAZJZ2DqKiR_RADGceYssuHNM0rX9PI-S1t2Tjp__wVZz0nn8TPIhndXU7lhn1dpWUiVGWwkDeTGDHJ9hrzcRjGyIOttsOITSP4rcZ47jGx4-21VyYFdCT2A5DsveL7D3Z6TLEdB5CwH1KfLsaD95b6bCM-N_Mjre3tByWQGapZQGgultFAmFsrcwpDv2IHTD5hL_TCJOFtxAhoEXMRO1Pcch0ZsBSVrHYxR5GOwdAymryDXH3_L_RXhxyyYUAzk53NCrvnQ5X2YSw0Mt2AKgoo3qAVBbQhqSlBLgrogqKvmBk-NZ5qbPDVl7C66t-h-M1XF-oTeUMW6yAioHkPzZlPmH5mrYMX_pqPE8KlqgcZFM6Uxbyb5LnmqDdu6ldcYiB3b9zhNWJyEPAyjkPX8kPYoY8wLOXcE9WFkA2mWQI2FkZyTtZXXkMs5OfrZfcR0GybdBpNPgpYuaN2AXmowyu4OBKcyVgORd5kagqsGedFBcdmapLvkyHTtwur9vVf_4LcZBHtIFgWmG-S6wYfyAcF6en26pmqyuaZqQ344mxdyKEe0vYjzBS3E_2-_Iy7XSvNTJ8z41uusJdrxzgVhitM04zJbN-S7Vcm50CeVZoL8dMpcFPG50lxaLXVW5qfPvXHy1DDXwhipshmonJNDf34KJufkyL1v9q6999LvYPkVmPxAp1EEcd5BKglScfCdxg3Mv_b4YJ6Y61jXHdDiKrJhg0o3qNIGNB3DlIemRa4fvvrLV219jTjtTONUdzbjVKdftDn93MK9Fh7sx2bkjt3zYj_s90ORhDzxue_5POo5IgpoFAZR0ENh5vL5Hx_9EwAA__9FcWkznwQAAA== HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: 
image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: c25d473343475182cae2e604578eb811\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse 
proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":429,"timings":{"blocked":330,"dns":0,"connect":0,"send":0,"wait":99,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RSv48VVRi9s2wsoPAHRtuJsRDjPubXm30jhboiSkQgC4bCUNy5985yffPmjvfOj2UrlIQQC7MmFmrjvPMWVpAQLSwhm7c0hkTDFMYt2Ma_wJhYm1lesvoV33e-OVOcc-53bVzuEh8l3Tn7gVqTaUqP9nuO_coFmXFVG_v0edt1es4x-4LMwuCYvdo1Xb3u-kHPOWK_K9hQHfUc13Fcx7VPSC0StXp0j4XM70RuL3J6gddz-wFW9f93U1ow1AKvdslzkLx9-s_kI0g2RTb68bgww0Llr70zKlNaKI2Kb36YDTNVZxjtw0RbSLLN2d9QpiXk6zmobHPmAKra6Bwgli2Ze-Ex4mxzJhNxdeOJ0jiFyBDzQ6irKUQ6haRTMHUVkj8iAOM4fQbZ6OZppWt6-QlLO7Yl8__8DVm3ZP7x88hGd5dSuWqfU2lZSJUZrCYN5OoUcmWKvNxGsWZB1ttgxWeQ_FfivHgI2ej2e6qSQ7sSegjJd172fIe7fSdZiILIWQioTxdiQQcLAzcRnhv5kTfw9oKSyRTUzKE0FkppoUwslLmFEd-xA2cQMJf6YRJxtugENAi4iJ1o4DkOjdgiStY5WEeRr4Ol62D6CnL96ffcXxR-zIIxxVB-2RJyzYcut2AuNTDcgikIKt6gFgS1IagpQS0J6oKgrpobPDWeaW7y1JSxO5vebPrNRBUrY3pDFSsiI6B6HZo3GzL_xFwFKw5M1hLDJ6prNC6aCY15M853ybNd2NatvMZQ7Ni-x2nC4iTkYRiFrO-HtE8ZY17IuSOoDyMbSDMHaiysyZYsL76JXLbkyBdbiOk2TLoNJp8BLV3QugG91GAtuzsUnMpYDUXeY2oErhrkxTyKy9Y43SWHJ8vnl7b2Xv3iH_ch2EMyKzDdINcNPpYPCFbS65NlVZONZVUb8tOZvJAjuUa7izhX0EI8dft9cblWmp88btZvvcU6ooN3zgtTnKIZl9mKIT8sSc6FPqE0E-TeSXNBxGdLc2mp1FmZnzr79omTo1wLY6TKpqCyJQf_-hxMtuTw_e_2rr3_6i5YfgUm39dpFEGcH0AqCVKx_53GDcx_9ngfj811rOh50OIqslGDSjeo0gY0XYcpD06KXD9845dvuvoWcTo_iVM9vxGnOv2qy-lB1-7tJdaSi7__BiN37L4X--FgEIok5InPfc_nUd8RUUCjMIiCPgrTypd-fvRvAAAA__9j4RqYnwQAAA==","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.533Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSv48VVRi9s2wsoPAHRtuJsRDjPubXm30jhboiSkQgC4bCUNy5985yffPmjvfOj2UrlIQQC7MmFmrjvPMWVpAQLSwhm7c0hkTDFMYt2Ma_wJhYm1lesvoV33e-OVOcc-53bVzuEh8l3Tn7gVqTaUqP9nuO_coFmXFVG_v0edt1es4x-4LMwuCYvdo1Xb3u-kHPOWK_K9hQHfUc13Fcx7VPSC0StXp0j4XM70RuL3J6gddz-wFW9f93U1ow1AKvdslzkLx9-s_kI0g2RTb68bgww0Llr70zKlNaKI2Kb36YDTNVZxjtw0RbSLLN2d9QpiXk6zmobHPmAKra6Bwgli2Ze-Ex4mxzJhNxdeOJ0jiFyBDzQ6irKUQ6haRTMHUVkj8iAOM4fQbZ6OZppWt6-QlLO7Yl8__8DVm3ZP7x88hGd5dSuWqfU2lZSJUZrCYN5OoUcmWKvNxGsWZB1ttgxWeQ_FfivHgI2ej2e6qSQ7sSegjJd172fIe7fSdZiILIWQioTxdiQQcLAzcRnhv5kTfw9oKSyRTUzKE0FkppoUwslLmFEd-xA2cQMJf6YRJxtugENAi4iJ1o4DkOjdgiStY5WEeRr4Ol62D6CnL96ffcXxR-zIIxxVB-2RJyzYcut2AuNTDcgikIKt6gFgS1IagpQS0J6oKgrpobPDWeaW7y1JSxO5vebPrNRBUrY3pDFSsiI6B6HZo3GzL_xFwFKw5M1hLDJ6prNC6aCY15M853ybNd2NatvMZQ7Ni-x2nC4iTkYRiFrO-HtE8ZY17IuSOoDyMbSDMHaiysyZYsL76JXLbkyBdbiOk2TLoNJp8BLV3QugG91GAtuzsUnMpYDUXeY2oErhrkxTyKy9Y43SWHJ8vnl7b2Xv3iH_ch2EMyKzDdINcNPpYPCFbS65NlVZONZVUb8tOZvJAjuUa7izhX0EI8dft9cblWmp88btZvvcU6ooN3zgtTnKIZl9mKIT8sSc6FPqE0E-TeSXNBxGdLc2mp1FmZnzr79omTo1wLY6TKpqCyJQf_-hxMtuTw_e_2rr3_6i5YfgUm39dpFEGcH0AqCVKx_53GDcx_9ngfj811rOh50OIqslGDSjeo0gY0XYcpD06KXD9845dvuvoWcTo_iVM9vxG
nOv2qy-lB1-7tJdaSi7__BiN37L4X--FgEIok5InPfc_nUd8RUUCjMIiCPgrTypd-fvRvAAAA__9j4RqYnwQAAA== HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 255f10efbe996b884a35cadb626432df\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP 
cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":428,"timings":{"blocked":330,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/watch.1266780481051.js?dev=e\u0026key=9bc8b6a0f162da8d7a0d1e3abeaaf9d3\u0026kw=%5B%22official1auraa%22%2C%22archives%22%2C%22-%22%2C%22kedai%22%2C%22bokep%22%5D\u0026pst=1763882508\u0026rb=\u0026refer=https%3A%2F%2Fkedaibokep.com%2Ftag%2Fofficial1auraa%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=663168a244228132a7eeb8b3814109fad0f4ff143bc178335fd31bf51f484693d5ddd3f9d1634ec3fc4a5b5d120e9c7ffc3b1c8aeb9d227c52fc786ea18d5d1e35a170dc58418aa538a361e88fa8c0e05580c9ac3655e76365ec85\u0026tz=0\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.924Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 00:22:29 GMT","end":"Wed, 28 Jan 2026 00:22:28 GMT"},"fingerprint":{"sha1":"AA:F8:F2:CD:8F:90:E0:34:26:52:5F:28:83:02:25:29:22:DE:BB:79","sha256":"E5:C6:96:84:40:94:64:CB:57:23:67:51:0E:0F:27:85:86:63:98:09:63:88:91:67:0A:01:DC:33:5A:53:16:A6"}}},"request":{"raw":"GET 
/watch.1266780481051.js?dev=e\u0026key=9bc8b6a0f162da8d7a0d1e3abeaaf9d3\u0026kw=%5B%22official1auraa%22%2C%22archives%22%2C%22-%22%2C%22kedai%22%2C%22bokep%22%5D\u0026pst=1763882508\u0026rb=\u0026refer=https%3A%2F%2Fkedaibokep.com%2Ftag%2Fofficial1auraa%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=663168a244228132a7eeb8b3814109fad0f4ff143bc178335fd31bf51f484693d5ddd3f9d1634ec3fc4a5b5d120e9c7ffc3b1c8aeb9d227c52fc786ea18d5d1e35a170dc58418aa538a361e88fa8c0e05580c9ac3655e76365ec85\u0026tz=0\u0026uuid=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1 HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://kedaibokep.com\r\nReferer: https://kedaibokep.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.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.jvVjWsdGIg4u5UBsRudlKDPKj9AApJEzlstIcGaR7uI\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:48 GMT\r\nContent-Type: text/html\r\nContent-Length: 3619\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://kedaibokep.com\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; expires=Sun, 30 Nov 2025 07:20:48 GMT; path=/; secure; 
SameSite=None\npdhtkv=true; expires=Mon, 24 Nov 2025 07:20:48 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Mon, 24 Nov 2025 07:20:48 GMT; path=/; secure; SameSite=None\npdhtkv5=true; expires=Mon, 24 Nov 2025 07:20:48 GMT; path=/; secure; SameSite=None\nuncs5=1; expires=Mon, 24 Nov 2025 07:20:48 GMT; path=/; secure; SameSite=None\nu_pl27881586=1; expires=Mon, 24 Nov 2025 07:20:48 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 21\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: c6a218b236cf74fdfa1867ee0439d87d\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5039,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with very long lines 
(4163)","md5":"04029258ecd869033d93a5757f222ca7","sha1":"24335781d2a4bbac6e516c90f8fc7f190f38fbcb","sha256":"463a6e3b5a6234cb0d5c7e3e0b4f014302ff12325f98f749cc70a17d2e17b7d5","sha512":"0ae6774c54313a501c14222d3cb3cecc444d757ad2bf561b3f27dcfa55d00feddb23cd4578aef52e75506968e5832dc55eccf9cc8d083b7cd608ec3c804ea7e3","ssdeep":"96:y89QvRhoznJIOyX3LP/e/JYk/fIJQ1uFZjozv8u1ZDQbTCfMEDaH:b9QvkzRqL3RkGQ1WVoD8SV2CkCaH","tlshash":"b0a14ca29ecea17c855b70fd133a80185f53d0575605af44398ccba86f00f86a99dcd8","first_seen":"2025-11-23T07:21:30.211244Z","last_seen":"2025-11-23T07:21:30.211244Z","times_seen":1,"resource_available":false,"data":null}},"time_used":116,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":116,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/f0/fb/23/f0fb231c3868f7f970a30d973f7bfa93/1756662127.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.239Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/f0/fb/23/f0fb231c3868f7f970a30d973f7bfa93/1756662127.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:49 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 81446\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 31 Aug 2025 17:42:07 GMT\r\netag: \"68b4896f-13e26\"\r\nexpires: Tue, 25 Nov 2025 07:20:49 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail 
proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":81446,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:30 15:39:09], progressive, precision 8, 320x240, components 3","md5":"5cc1ea1ae22514d2a4e634a3fc00fc38","sha1":"17a827b9ae082506fe9d086fd2d006d0593ae5e8","sha256":"2a7d63fc873f793b91adea7c866b01e00bb59f075fc29953fd108f52fb5ede09","sha512":"9b57eb1e4bf4668182319d2f0bfa356c766de2afe94f188dc84054140014267d1f1ad0cf81b91421d88cdba16a9ad51b8acc87b9540c93c523bd66dd444304b5","ssdeep":"1536:LNkk6f2Nkk6fvhbg2DyMgTuF+faDypx3cvkYWMwjYz8+HjFOn:LZk2ZkJb+XTuF80sYWnYz8MjFQ","tlshash":"c183e125b3d1efb2e5d8973498a3c719f6219e45673760913e8db5a03fe2361da8c023","first_seen":"2025-09-02T19:18:23.934309Z","last_seen":"2026-05-30T22:14:17.864959Z","times_seen":1461,"resource_available":false,"data":null}},"time_used":1068,"timings":{"blocked":463,"dns":1,"connect":19,"send":0,"wait":62,"receive":75,"ssl":444},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/uploads/2025/11/1360.jpg","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.532Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","or
ganization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/uploads/2025/11/1360.jpg HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nCookie: _ga_3E31P8KF13=GS2.1.s1763882448$o1$g0$t1763882448$j60$l0$h0; _ga=GA1.1.1454402186.1763882448; dom3ic8zudi28v8lr6fgphwffqoz0j6c=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 
Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kedaibokep.com/wp-content/uploads/2025/08/50.jpg","fqdn":"kedaibokep.com","domain":"kedaibokep.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.656Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kedaibokep.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 17:49:40 GMT","end":"Sun, 01 Feb 2026 18:47:18 GMT"},"fingerprint":{"sha1":"00:21:C7:1C:BB:78:07:9D:97:2C:2A:A2:27:AD:D3:1D:75:C3:59:98","sha256":"66:36:7E:28:DC:6B:DF:51:F7:71:00:4C:01:F7:25:52:C2:40:CD:7D:B9:5B:92:40:63:33:31:FA:C7:76:8A:FD"}}},"request":{"raw":"GET /wp-content/uploads/2025/08/50.jpg HTTP/1.1\r\nHost: kedaibokep.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/tag/official1auraa/\r\nCookie: _ga_3E31P8KF13=GS2.1.s1763882448$o1$g0$t1763882448$j60$l0$h0; _ga=GA1.1.1454402186.1763882448; dom3ic8zudi28v8lr6fgphwffqoz0j6c=230d150f-9490-4a3a-bea8-81fe21939282%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: 
no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 23 Nov 2025 07:20:48 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 40289\r\ncache-control: public, max-age=604800\r\nexpires: Sun, 30 Nov 2025 07:20:48 GMT\r\netag: \"9d61-6908fce7-17bb29;;;\"\r\nlast-modified: Mon, 03 Nov 2025 19:05:11 GMT\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oNcSjAj5Zkop9N%2BPseuZzps%2FpR6brxA4%2FnWupevh7%2FEZbg0NC2WDQ%2BAXcnuJTkinOKYWQluzgLGg%2ByOtlxvjieFLRed7yGgeSy9kiw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a2ee7f7ca0f56a9-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and 
website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":40289,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, progressive, precision 8, 320x180, components 3","md5":"ece44be3439ff5235ff531914a49ac5b","sha1":"a4f6acf39ef7cb14b173f27ecce3bdbfcd1941ed","sha256":"0fc6d9a5537ee18c3d18f9aacd4d9007fdb934f80f666bdd9bcc1a54994c2d3e","sha512":"c54a3f561722422e17a491ed7fee375f0481c8bf136e625b750b86f900526551467d838c49077a5e01da354f9b0e1dee5fa6d2bb9305fedc320a97625d5bfc0d","ssdeep":"768:ek8Rpfka39QQNRMWjydwpod4ruZ8cG7ZDTUCWxdrfAJUCPXM:p8Rpf739BQDdwylsIxdrSR0","tlshash":"9d03f102494aaa7d8c5b50ff36b812011b5a191a987abc43f4c0cac4f95fd68528ebf7","first_seen":"2025-11-19T16:26:44.509457Z","last_seen":"2025-11-23T07:21:30.213331Z","times_seen":2,"resource_available":false,"data":null}},"time_used":96,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":35,"receive":61,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"kedaibokep.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/10/4f/b1/104fb17107ff84126282d6221732be30.js","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:48.687Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /10/4f/b1/104fb17107ff84126282d6221732be30.js HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3422\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 
1\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: bb4de9e4ad088e4a2f15d0cc223dc16c\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":6461,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6461), with no line 
terminators","md5":"26ce7791f08fb671816e8ac15c21abcc","sha1":"cd121446322214f9ee849fadd1686452f9acf3a9","sha256":"e039e804b7483aec11801d7a306db1603f9c6d5f562340f9a5dbeda753c0224d","sha512":"01af678dd36e5bcfaf95c43fee3d7ac605299c1aca9187b5b330dffac03c16910e373e8ccb57e00c66810daff06b475d561370c05abe8a3beb00f5f9f950c409","ssdeep":"96:PKheeIZELV3rtYwDxXvH9VLgjY6oB/rCKTQ3l35AcOrzYdOtkiz9u5Z4tTpfn7:Pbj6VbjxXvw8zTCKTvlSQpfn7","tlshash":"b9d185883e81f0d513a3b5779a3f6549b3ad6814549fd804e107a0d03e2ce2ae97b6a5","first_seen":"2025-10-22T08:34:06.793976Z","last_seen":"2025-12-01T10:40:04.095127Z","times_seen":3160,"resource_available":true,"data":null}},"time_used":682,"timings":{"blocked":284,"dns":20,"connect":92,"send":0,"wait":95,"receive":1,"ssl":188},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: 
negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"foldingcutleryhelium.com/ren.gif?sid=H4sIAAAAAAAC_1RTvY8cxRPtPZ9-gR38ACNIR4gAI249Xzu3gwPgMAYLY1tnIwcIoZ7unrtmZ6eH7vk4bwRYWBYBWiQCIGH27frONpYFAREYmTUJsoTkjTgJX8JfgJCI0axXOqjgVdW8F1S9qb48KvaIh4Lunn1DDWSS0KOdtm09c0GmXFXGOn3ecuy2fcy6INPAP2ZtNaDL5x3Pb9tHrFcF66mjru3YtmM71gmpRay2js5ZyOxm6LRDu-27bafjY0v_tzfFEgxdAi_3yGOQfPb_P-K3INkUaf-b48L0cpU990q_SGiuNEq-82baS1WVor9fxrqFON1ZqKHMjJDPl6DSncUGUOWk2QCRnJGlJx4gSncWYyIqrz6cNEogUkT8EKpyCpFMIekUTF2C5PcJwDhOn0Ha3z6tdEUvPmRpw87I8t9_QVYzsvzgcaT9W2uJ3LLOqaTIpUoNtuIacmsKuTFFVkyRD1qQ1V2w_ENI_iuxnzyEtH_jNVXKnlUK3YPku0-7ns2djh2vhH5or_jUoyuRoN2VrhML1wm90O26c6NkPAU1SyhMC4VsoYhbKLIW-nzX8u2uzxzqBXHI2artU9_nIrLDrmvbNGSrKFizwRB5NgRLhmD6o2sZ38x7pR9Ocl2I7SJlxg9Hzs3inSxxV7tdpxM6I2f7oWqumTSakYNMf3CNe6vCi5g_oujJT2eEXPagizswmzUMb8HkBCWvUQmCyhBUlKCSBFVOUJX1VZ4Y19TbPDFF5Cyyu8hePVb5xoheVfmGSAmoHkLzeiKz98wlsPzAeBAbPlYN0CivxzTi9SjbI482f6l1PavQE7uW53IasygOeBCEAet4Ae1QxpgbcG4L6sHIGtIsgZoWBnJG1ldfRCZn5MgndxDRuzDJXTD5CGjhgFY16GaNQXqrJziVkeqJrM1UH1zVyPJl5Bdbo2SPHB6vn1-7Mz-Xt3_7AYLdI4sA0zUyXeNd-TPBRnJlvK4qMllXlSHfnsly2ZcD2pzSuZzm4n83XhcXK6X5yeNmeP0l1hBNefO8MPkpmnKZbhjy9ZrkXOgTSjNBbp80F0R0tjCba4VOi-zU2ZdPnOxnWhgjVToFlTNy8M-PweSMHP7xq_kz6Tz7O1j2Pky2P6dRBFF2AIkkSMT-dxrVMP_qo_16ZK5gQy-D5peQ9muUukaZ1KDJEKY4OM4zfe-FX75o4ktEyfI4SvTyJEp08lnj0_cN_DR3rIHbMHLX6riRF3S7gYgDHnvccz0edmwR-jQM_NDvIDcz-dR39_8JAAD__5_qbzTYBAAA","fqdn":"foldingcutleryhelium.com","domain":"foldingcutleryhelium.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United 
States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kedaibokep.com/tag/official1auraa/","date":"2025-11-23T07:20:49.465Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"foldingcutleryhelium.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 07:36:14 GMT","end":"Sun, 08 Feb 2026 07:36:13 GMT"},"fingerprint":{"sha1":"D3:25:52:61:F3:75:78:F8:A8:B9:85:77:DD:09:FD:00:02:E3:49:19","sha256":"74:89:29:5D:95:58:F0:04:6E:A3:0B:56:3C:FA:CB:B5:2E:B8:0E:8A:44:90:41:CC:52:34:37:E6:66:C0:4F:34"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RTvY8cxRPtPZ9-gR38ACNIR4gAI249Xzu3gwPgMAYLY1tnIwcIoZ7unrtmZ6eH7vk4bwRYWBYBWiQCIGH27frONpYFAREYmTUJsoTkjTgJX8JfgJCI0axXOqjgVdW8F1S9qb48KvaIh4Lunn1DDWSS0KOdtm09c0GmXFXGOn3ecuy2fcy6INPAP2ZtNaDL5x3Pb9tHrFcF66mjru3YtmM71gmpRay2js5ZyOxm6LRDu-27bafjY0v_tzfFEgxdAi_3yGOQfPb_P-K3INkUaf-b48L0cpU990q_SGiuNEq-82baS1WVor9fxrqFON1ZqKHMjJDPl6DSncUGUOWk2QCRnJGlJx4gSncWYyIqrz6cNEogUkT8EKpyCpFMIekUTF2C5PcJwDhOn0Ha3z6tdEUvPmRpw87I8t9_QVYzsvzgcaT9W2uJ3LLOqaTIpUoNtuIacmsKuTFFVkyRD1qQ1V2w_ENI_iuxnzyEtH_jNVXKnlUK3YPku0-7ns2djh2vhH5or_jUoyuRoN2VrhML1wm90O26c6NkPAU1SyhMC4VsoYhbKLIW-nzX8u2uzxzqBXHI2artU9_nIrLDrmvbNGSrKFizwRB5NgRLhmD6o2sZ38x7pR9Ocl2I7SJlxg9Hzs3inSxxV7tdpxM6I2f7oWqumTSakYNMf3CNe6vCi5g_oujJT2eEXPagizswmzUMb8HkBCWvUQmCyhBUlKCSBFVOUJX1VZ4Y19TbPDFF5Cyyu8hePVb5xoheVfmGSAmoHkLzeiKz98wlsPzAeBAbPlYN0CivxzTi9SjbI482f6l1PavQE7uW53IasygOeBCEAet4Ae1QxpgbcG4L6sHIGtIsgZoWBnJG1ldfRCZn5MgndxDRuzDJXTD5CGjhgFY16GaNQXqrJziVkeqJrM1UH1zVyPJl5Bdbo2SPHB6vn1-7Mz-Xt3_7AYLdI4sA0zUyXeNd-TPBRnJlvK4qMllXlSHfnsly2ZcD2pzSuZzm4n83XhcXK6X5yeNmeP0l1hBNefO8MPkpmnKZbhjy9ZrkXOgTSjNBbp80F0R0tjCba4VOi-zU2ZdPnOxnWhgjVToFlTNy8M-PweSMHP7xq_kz6Tz7O1j2Pky2P6dRBFF2AIkkSMT-dxrVMP_
qo_16ZK5gQy-D5peQ9muUukaZ1KDJEKY4OM4zfe-FX75o4ktEyfI4SvTyJEp08lnj0_cN_DR3rIHbMHLX6riRF3S7gYgDHnvccz0edmwR-jQM_NDvIDcz-dR39_8JAAD__5_qbzTYBAAA HTTP/1.1\r\nHost: foldingcutleryhelium.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://kedaibokep.com/\r\nCookie: uid_id2=230d150f-9490-4a3a-bea8-81fe21939282:2:1; pdhtkv=true; uncs=2; pdhtkv49=true; uncs49=2; u_pl27881591=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 23 Nov 2025 07:20:49 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: foldingcutleryhelium.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 0dbd70c8dc90446874edf219fc9f995b\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native 
applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-06-10T02:14:21.808818Z","times_seen":16284503,"resource_available":true,"data":null}},"time_used":265,"timings":{"blocked":166,"dns":0,"connect":0,"send":0,"wait":99,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in 
DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-11-22","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-23","alert":"Sinkholed","trigger":"foldingcutleryhelium.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}}]}
