{"report_id":"595e1e76-a9da-4bf9-85ab-0f4bd8d45589","version":6,"status":"done","tags":[],"date":"2026-03-02T22:32:00Z","url":{"schema":"http","addr":"lostinoffst.click","fqdn":"lostinoffst.click","domain":"lostinoffst.click","tld":"click"},"ip":{"addr":"103.224.182.212","port":0,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"final":{"url":{"schema":"http","addr":"ww38.lostinoffst.click/","fqdn":"ww38.lostinoffst.click","domain":"lostinoffst.click","tld":"click"},"title":"lostinoffst.click","dom":{"size":100263,"mime_type":"text/html; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (13416)","md5":"4dc3a28e97887d66515dfc944e71a699","sha1":"dd99f600f2520bf8e1e458ee856ff3d141dff52e","sha256":"23ca2ae3b40c3363ec491d7d098abdbe49063bdde0182aae58ad53e36f1ad672","sha512":"4abf9aa2763c54d38e00033c052bfe10604624f412f450ecd286ca52aac130458c824f0357c8f80d16f5cae62ed8cddad0f42ce51cf11e512c625ca75f0444ec","ssdeep":"3072:YzV7UZkM7SH3MM2qAFQ9xfeATfxmphmOmTmwmU0Y0/L4LEhghQUT8Cu++Ocl:HZkwSH3MM2qAFQ9xfeATft8Cu++O2","tlshash":"a4a34b8d34867432436724d5713e2bcbe2be2567328d4844f5b6e7a238ac9c78913e7d","dom_hash":"domhash3dad8800ac34a2c78ec6825d43e5dab2","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"lostinoffst.click","fqdn":"lostinoffst.click","domain":"lostinoffst.click","tld":"click"},"ip":{"addr":"103.224.182.212","port":0,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-06T22:32:00Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":6,"urlquery":0,"analyzer":9}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-02T22:31:40Z","timestamp":1772490700,"ip_dst":{"addr":"103.224.182.212","port":80,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":59380,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-03-02T22:31:40.097687+0000\",\"flow_id\":628684692892027,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.20\",\"src_port\":59380,\"dest_ip\":\"103.224.182.212\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"lostinoffst.click\",\"url\":\"/?tr_uuid=20260303-0931-38ad-8f5b-fad97b5da97b\u0026fp=-7\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"http://ww38.lostinoffst.click/\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":759,\"bytes_toclient\":401,\"start\":\"2026-03-02T22:31:39.764283+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-02T22:31:43Z","timestamp":1772490703,"ip_dst":{"addr":"103.224.182.212","port":80,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"ip_src":{"addr":"Client IP","port":59396,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-03-02T22:31:43.097211+0000\",\"flow_id\":566444174519436,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.20\",\"src_port\":59396,\"dest_ip\":\"103.224.182.212\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"lostinoffst.click\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":567},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":554,\"bytes_toclient\":1068,\"start\":\"2026-03-02T22:31:42.765068+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-02T22:31:43Z","timestamp":1772490703,"ip_dst":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"ip_src":{"addr":"Client IP","port":54244,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-03-02T22:31:43.513729+0000\",\"flow_id\":957445112328368,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.20\",\"src_port\":54244,\"dest_ip\":\"185.53.179.200\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"ww38.lostinoffst.click\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":542},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":8,\"bytes_toserver\":643,\"bytes_toclient\":6306,\"start\":\"2026-03-02T22:31:43.192688+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-02T22:31:43Z","timestamp":1772490703,"ip_dst":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"ip_src":{"addr":"Client IP","port":54244,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-03-02T22:31:43.745838+0000\",\"flow_id\":957445112328368,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.20\",\"src_port\":54244,\"dest_ip\":\"185.53.179.200\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"ww38.lostinoffst.click\",\"url\":\"/chronos?dune=eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.qlq2z3KaJdnZPIFx8XNQDgY9ASjVPvqXD52U9xcNitMwISSzpDjGng.7THuF_tKXI2g4PVjkiSU6g.W4ngBuIoLl2kNwWkd0Xppb7wNrn6sXDOqQqniQOMxznRB1W1d_4ilYVjTYZ56M4U1wjuAmdSswZhb1FlwjVOZvVMWpAGgCmNRbAP_xMigkqpES6ODZxW8xpE85Tqa1JNektLmdyyuSw-sYu6ZA2m5GlW2oOHH9RPFRug3qIO8MrIhEg65MatzRy8t-NZq1PeZ_ege7eBp3kCfx4SuPyyiQ.yzkgPsQwjWs0hvAmYF70dQ\u0026t=69a60fcf\u0026token=a4d11dc99a373a3a7bf8cf2c4c5eae5723b19558\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://ww38.lostinoffst.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":146},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":10,\"pkts_toclient\":10,\"bytes_toserver\":1741,\"bytes_toclient\":6708,\"start\":\"2026-03-02T22:31:43.192688+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-02T22:31:43Z","timestamp":1772490703,"ip_dst":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"ip_src":{"addr":"Client IP","port":54244,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-03-02T22:31:43.895585+0000\",\"flow_id\":957445112328368,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.20\",\"src_port\":54244,\"dest_ip\":\"185.53.179.200\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"ww38.lostinoffst.click\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/x-icon\",\"http_refer\":\"http://ww38.lostinoffst.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":12,\"pkts_toclient\":11,\"bytes_toserver\":2218,\"bytes_toclient\":6992,\"start\":\"2026-03-02T22:31:43.192688+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-02T22:31:44Z","timestamp":1772490704,"ip_dst":{"addr":"Client IP","port":44526,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"severity":"low","alert":"ET INFO Observed ZeroSSL SSL/TLS Certificate","source":"{\"timestamp\":\"2026-03-02T22:31:44.044359+0000\",\"flow_id\":329078511979730,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"34.251.101.162\",\"src_port\":443,\"dest_ip\":\"172.18.0.20\",\"dest_port\":44526,\"proto\":\"TCP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2031231,\"rev\":3,\"signature\":\"ET INFO Observed ZeroSSL SSL/TLS Certificate\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2020_11_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2022_12_01\"]}},\"tls\":{\"subject\":\"CN=*.blueridgeloop.com\",\"issuerdn\":\"C=AT, O=ZeroSSL, CN=ZeroSSL ECC Domain Secure Site CA\",\"serial\":\"00:A4:29:64:5E:A7:15:34:AA:6A:91:E1:85:DF:D0:D5:3C\",\"fingerprint\":\"f0:b4:9e:ab:ec:f1:b1:6e:fc:2f:30:44:a7:59:88:02:56:5a:c9:de\",\"sni\":\"obseu.blueridgeloop.com\",\"version\":\"TLS 1.2\",\"notbefore\":\"2026-01-29T00:00:00\",\"notafter\":\"2026-04-29T23:59:59\",\"ja3\":{\"hash\":\"650c82854aed91a22996035b295a0c3e\",\"string\":\"771,4865-4867-4866-49195-49199-52393-52392-49196-49200-49171-49172-156-157-47-53,0-23-65281-10-11-16-5-34-51-43-13-28-21,29-23-24-25-256-257,0\"},\"ja3s\":{\"hash\":\"80d47c47e3ce91bc3bd0a026dbd1664d\",\"string\":\"771,49196,5-65281-16\"}},\"app_proto\":\"tls\",\"flow\":{\"pkts_toserver\":7,\"pkts_toclient\":6,\"bytes_toserver\":1080,\"bytes_toclient\":3915,\"start\":\"2026-03-02T22:31:43.937170+0000\"}}"}],"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"obseu.blueridgeloop.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"obseu.blueridgeloop.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"realtimesearchresults.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"realtimesearchresults.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"euob.blueridgeloop.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null},"summary":[{"fqdn":"lostinoffst.click","ip":{"addr":"103.224.182.212","port":443,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"domain_registered":"2024-06-24","domain_rank":0,"first_seen":"2025-06-29T16:07:02.078133Z","last_seen":"2025-07-22T07:02:59.54918Z","alert_count":2,"request_count":4,"received_data":36043,"sent_data":1917,"comment":"","tags":null,"fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}]},{"fqdn":"ww38.lostinoffst.click","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2024-06-24","domain_rank":0,"first_seen":"2026-03-02T22:32:00.767943Z","last_seen":"2026-03-02T22:32:00.767943Z","alert_count":4,"request_count":4,"received_data":16831,"sent_data":2041,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"yfdpco3.com","ip":{"addr":"208.91.196.46","port":80,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"domain_registered":"2025-03-20","domain_rank":2753785,"first_seen":"2025-07-30T08:47:29.605544Z","last_seen":"2026-02-27T13:00:30.196165Z","alert_count":0,"request_count":1,"received_data":9846,"sent_data":655,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"euob.blueridgeloop.com","ip":{"addr":"3.167.2.93","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"2026-01-28","domain_rank":0,"first_seen":"2026-01-29T13:44:47.675163Z","last_seen":"2026-02-26T14:12:40.056422Z","alert_count":1,"request_count":1,"received_data":121518,"sent_data":458,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}]},{"fqdn":"obseu.blueridgeloop.com","ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"domain_registered":"2026-01-28","domain_rank":0,"first_seen":"2026-01-29T13:46:22.485862Z","last_seen":"2026-02-26T14:09:24.892788Z","alert_count":12,"request_count":6,"received_data":5298,"sent_data":4958,"comment":"","tags":null,"fingerprints":null},{"fqdn":"l.cdn-fileserver.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-04-08","domain_rank":962880,"first_seen":"2025-04-11T15:28:22.753596Z","last_seen":"2026-03-02T02:04:56.666965Z","alert_count":6,"request_count":3,"received_data":2611,"sent_data":8552,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"s.cdn-fileserver.com","ip":{"addr":"104.21.31.250","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-04-08","domain_rank":1473336,"first_seen":"2025-04-11T18:11:28.393379Z","last_seen":"2026-03-02T02:25:33.814618Z","alert_count":6,"request_count":3,"received_data":45204,"sent_data":1522,"comment":"","tags":null,"fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"msadsscale.microsoft.com","ip":{"addr":"13.107.246.53","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"domain_registered":"1991-05-02","domain_rank":241518,"first_seen":"2025-01-13T10:51:37Z","last_seen":"2026-02-25T11:56:53.980509Z","alert_count":0,"request_count":1,"received_data":73333,"sent_data":461,"comment":"","tags":null,"fingerprints":[{"name":"Azure Front Door","description":"Azure Front Door is a scalable and secure entry point for fast delivery of your global web applications.","website":"https://docs.microsoft.com/en-us/azure/frontdoor/","common_platform_enumeration":"","icon":"Azure.svg","categories":["Load balancers"]},{"name":"Azure","description":"Azure is a cloud computing service for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.","website":"https://azure.microsoft.com","common_platform_enumeration":"","icon":"Azure.svg","categories":["PaaS"]}]},{"fqdn":"s.yimg.com","ip":{"addr":"87.248.119.251","port":443,"asn":203220,"as":"Yahoo-UK Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"1997-05-14","domain_rank":4553,"first_seen":"2012-05-20T22:45:00Z","last_seen":"2026-03-02T02:27:28.436965Z","alert_count":0,"request_count":1,"received_data":13503,"sent_data":456,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Apache Traffic Server","description":"Apache Traffic Server is an open-source caching and proxying server that serves as an HTTP/1.1 and HTTP/2 reverse proxy with caching capabilities, load balancing, request routing, SSL termination, and support for advanced HTTP features.","website":"https://trafficserver.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*","icon":"Apache Traffic Server.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"realtimesearchresults.com","ip":{"addr":"199.191.50.132","port":443,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"domain_registered":"2025-02-14","domain_rank":464056,"first_seen":"2025-03-28T05:14:07.92032Z","last_seen":"2026-02-28T02:30:44.100252Z","alert_count":2,"request_count":1,"received_data":68184,"sent_data":1275,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"http","addr":"ww38.lostinoffst.click/","fqdn":"ww38.lostinoffst.click","domain":"lostinoffst.click","tld":"click"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"f692895d5bdf159e30c6744e60b15a53","sha1":"6d5d42e8f1762cce26e8c0cbe8d412baf2c7cb75","sha256":"69499f1725703b16fd7fa981ab33781c29119b3c651851b431ad3c6cdcbaa436","sha512":"94bdf6e358edc3114f74aea5440bad4b37f26644d8bab86bfb2d1db68566a567a28ca2d28334237262cdee937f99b783f61db20a09442bfe2d34a28dc58a1757","ssdeep":"","tlshash":"0021e1ca5cea001967b3209d0e1b4849b4329d1f6389db01bd4c1a903f58729d7b57e7","size":1280,"data":"","first_seen":"2026-03-02T22:32:04.789677Z","last_seen":"2026-03-02T22:32:04.789677Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-02T22:31:43Z","timestamp":1772490703,"ip_dst":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.20","port":54244,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-03-02T22:31:43.513729+0000\",\"flow_id\":957445112328368,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.20\",\"src_port\":54244,\"dest_ip\":\"185.53.179.200\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"ww38.lostinoffst.click\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":542},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":8,\"bytes_toserver\":643,\"bytes_toclient\":6306,\"start\":\"2026-03-02T22:31:43.192688+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"yfdpco3.com/sk-park.php?pid=9PO15V947\u0026dn=lostinoffst.click\u0026ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A134.0%29+Gecko%2F20100101+Firefox%2F134.0\u0026requrl=http%3A%2F%2Fww38.lostinoffst.click%2F\u0026al=en-US%2Cen%3Bq%3D0.5","fqdn":"yfdpco3.com","domain":"yfdpco3.com","tld":"com"},"ip":{"addr":"208.91.196.46","port":80,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"introduction_type":"scriptElement","is_inline":true,"md5":"38a9a76c70d94e3e81081245d2deaed6","sha1":"b4de01e570c14470d5ff214171c377560a6435f7","sha256":"01115bd080ae342656cb6ded79e587dc0cd2580164e7c547b33215ad2f6a5a50","sha512":"1dcca529095cb237e53ff2f1387db24394e15bd2091cf288824938106e757d01aa0bb26c64cfd1fa6793925ea00763a58adb68a43b221e8455a726160bb98c61","ssdeep":"192:pZrFo/Eic87M31SULGAvfZrFo/Eic87M31SKQB1vcweY:pZfA+yAvfZfAsUBT","tlshash":"7f0219c901b45d244dce0996ef7f7fcae0ad6c261ebd2c0d8898c850a26e6375d265f2","size":8726,"data":"","first_seen":"2026-03-02T22:32:04.796063Z","last_seen":"2026-03-02T22:32:04.796063Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"realtimesearchresults.com/sr/754870121/SAFEFRAME.html?ule=773\u0026.r4_.z=7SSN%3A%2F%2FzcaSdCc%29%29aSw8zd8Z\u00267SSNa=F\u00268.dR=uyugFge1L\u002687CXV=1B6FgE1y%21\u002687CXt=calyUdCS8\u002688=06\u00268Rl=6t%2111\u00268SNdR=\u00268dR=u%28~Le%21VkY\u00269RN.=F\u00269RN.8CaS=\u0026CSl=\u0026CXr..=F\u0026GmdR=\u0026Ha7N=e\u0026HzaSN=e\u0026INzN=\u0026IRaN.=\u0026ImCU88UriN=\u0026NdR=\u0026RX.%29=F\u0026Rr8XXX=\u0026Sa8r=jFFgL\u0026XaNv=e\u0026ZH.%29=\u0026ZR=\u0026_9R=y\u0026_aNrC%29=e\u0026a8=eV\u0026aazR=%7B%22aa88%22%3A%2206%22%2C%22aa8SI%22%3A%22cazc%22%2C%22aadN%22%3A%22%22%2C%22aaa8%22%3A%22eV%22%7D\u0026adqr=FFgyiLu1\u0026amR.%2AR=\u0026cdR=ygytvv%298sty%218sy8Ftsvg81sF%21tF%29%21yFeerv\u0026czv%29=cCr\u0026dadR=e\u0026htmlsrc=1\u0026kkdd=3%2A%7Ch%7CA93u%2AHn\u0026ld=F%21%21ty1e%21eyVguVLLtFL\u0026mR.%2AR=\u0026mdR=\u0026mr=e\u0026mvr=\u0026r8.dR=\u0026tpid=\u0026v8S=BD%2A499%29h.h%29_._VDqqrrvDD99%2F0q40_D40%29\u0026vN%28_=\u0026vRSF=\u0026vRSt=\u0026vRcXvdC=\u0026vRl=\u0026ztSINr=RXczv\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001772490704019015326356484667\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222152003630393433517%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=zBs8rKcR1P4MquCSH8f8kIX1sPGVb7qSTcKFw7T97wwJJYebyecQ0bmkIOrtfOOA8f2rGoSaj6UfqqwJGopgut_UMy-bHzCaMekYF5w7efsgJNJMVwOSrLJQ85u8IRyHmtKKGmC1UFCjP_6tcf9s_wyGUH3nV5ByP02yHU012iTWru8iDREb7_Wq89WvwU5hx2LaQ2FS5Vs%3D\u0026tchkpts=%7B%22prel2%22%3A1772490704258%7D\u0026stime=1772490704258\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Frealtimesearchresults.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F-_1o%253D%25261~1o%253D4%25266GO%253DEK5ewwy9I9ytItqKvvVV6KKww%25252F8ve8tKe8y%25266oO3%253D%25266oOa%253D%25266og%253D%25266ojp61c%253D%25266zTt%253D%2526B_cSGGSVJz%253D%2526Bo~zI%253D%2526Bzxz%253D%2526G1o%253D%252521T2X4kqWF%2526GG%253D8m%2526GI1o%253D%252521P%252521.3.4HX%2526GOz1o%253D%2526GUcpa%253Dj~gPS1cOG%2526GUcpq%253DHEm3.fHPk%2526Gog%253DmakHH%2526IVetIx%253DUOOz%25253A%25252F%25252Fxj~O1cjyy~O%25252AGx1Gd%2526O~GV%253D033.X%2526Qx~Oz%253D4%2526Q~Uz%253D4%2526UOOz~%253D3%2526VGI1o%253D%2526_1o%253D%2526_6V%253D%2526_V%253D4%2526_oI5o%253D%2526cOg%253D%2526cpVII%253D3%2526dQIy%253D%2526do%253D%2526g1%253D3kkaPH4k4Pq.%252521qXXa3X%2526htmlsrc%253D1%2526j1o%253DP.Pa66yGCaPkGCPG3aC6.GHC3ka3ykP344V6%2526jx6y%253DjcV%2526kkdd%253Duu%25257C%252521%25257CnAH%25252A39uWh%2526oVGppp%253D%2526p~z6%253D4%2526tpid%253D%2526two%253DP%2526t~zVcy%253D4%2526wozI%253D3%2526wozIGc~O%253D%2526xaOBzV%253Dopjx6%2526z1o%253D%2526~1vV%253D33.PJX%252521H%2526~G%253D4q%2526~_oI5o%253D%2526~~xo%253D%25257B%252522~~GG%252522%25253A%2525228m%252522%25252C%252522~~GOB%252522%25253A%252522j~xj%252522%25252C%252522~~1z%252522%25253A%252522%252522%25252C%252522~~~G%252522%25253A%2525224q%252522%25257D%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","fqdn":"realtimesearchresults.com","domain":"realtimesearchresults.com","tld":"com"},"ip":{"addr":"199.191.50.132","port":443,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"introduction_type":"scriptElement","is_inline":true,"md5":"fe43622b86a9293f7d94436142bdfdc6","sha1":"01ef22d8f3292bea2b0cfa63e49be5ee758899eb","sha256":"f06061820c8cc9e6d88231bddef898d9ce4a8326f6e00e30e0aca3f924ad3dd4","sha512":"a8cf2feaa0a396472300a52b5d37f123be2249d274c947da255ba4f99a644139d92e010b65461b9575a4e63cddb1e717a085282c435d182186b0e51885f654d5","ssdeep":"","tlshash":"3e70008880202a0000e0080c030323b0238080a88cc28000822ea0033080e030288a8a","size":24,"data":"","first_seen":"2025-03-08T00:25:13.703666Z","last_seen":"2026-04-04T14:48:36.504037Z","times_seen":139417,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"realtimesearchresults.com/sr/754870121/SAFEFRAME.html?ule=773\u0026.r4_.z=7SSN%3A%2F%2FzcaSdCc%29%29aSw8zd8Z\u00267SSNa=F\u00268.dR=uyugFge1L\u002687CXV=1B6FgE1y%21\u002687CXt=calyUdCS8\u002688=06\u00268Rl=6t%2111\u00268SNdR=\u00268dR=u%28~Le%21VkY\u00269RN.=F\u00269RN.8CaS=\u0026CSl=\u0026CXr..=F\u0026GmdR=\u0026Ha7N=e\u0026HzaSN=e\u0026INzN=\u0026IRaN.=\u0026ImCU88UriN=\u0026NdR=\u0026RX.%29=F\u0026Rr8XXX=\u0026Sa8r=jFFgL\u0026XaNv=e\u0026ZH.%29=\u0026ZR=\u0026_9R=y\u0026_aNrC%29=e\u0026a8=eV\u0026aazR=%7B%22aa88%22%3A%2206%22%2C%22aa8SI%22%3A%22cazc%22%2C%22aadN%22%3A%22%22%2C%22aaa8%22%3A%22eV%22%7D\u0026adqr=FFgyiLu1\u0026amR.%2AR=\u0026cdR=ygytvv%298sty%218sy8Ftsvg81sF%21tF%29%21yFeerv\u0026czv%29=cCr\u0026dadR=e\u0026htmlsrc=1\u0026kkdd=3%2A%7Ch%7CA93u%2AHn\u0026ld=F%21%21ty1e%21eyVguVLLtFL\u0026mR.%2AR=\u0026mdR=\u0026mr=e\u0026mvr=\u0026r8.dR=\u0026tpid=\u0026v8S=BD%2A499%29h.h%29_._VDqqrrvDD99%2F0q40_D40%29\u0026vN%28_=\u0026vRSF=\u0026vRSt=\u0026vRcXvdC=\u0026vRl=\u0026ztSINr=RXczv\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001772490704019015326356484667\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222152003630393433517%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=zBs8rKcR1P4MquCSH8f8kIX1sPGVb7qSTcKFw7T97wwJJYebyecQ0bmkIOrtfOOA8f2rGoSaj6UfqqwJGopgut_UMy-bHzCaMekYF5w7efsgJNJMVwOSrLJQ85u8IRyHmtKKGmC1UFCjP_6tcf9s_wyGUH3nV5ByP02yHU012iTWru8iDREb7_Wq89WvwU5hx2LaQ2FS5Vs%3D\u0026tchkpts=%7B%22prel2%22%3A1772490704258%7D\u0026stime=1772490704258\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Frealtimesearchresults.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F-_1o%253D%25261~1o%253D4%25266GO%253DEK5ewwy9I9ytItqKvvVV6KKww%25252F8ve8tKe8y%25266oO3%253D%25266oOa%253D%25266og%253D%25266ojp61c%253D%25266zTt%253D%2526B_cSGGSVJz%253D%2526Bo~zI%253D%2526Bzxz%253D%2526G1o%253D%252521T2X4kqWF%2526GG%253D8m%2526GI1o%253D%252521P%252521.3.4HX%2526GOz1o%253D%2526GUcpa%253Dj~gPS1cOG%2526GUcpq%253DHEm3.fHPk%2526Gog%253DmakHH%2526IVetIx%253DUOOz%25253A%25252F%25252Fxj~O1cjyy~O%25252AGx1Gd%2526O~GV%253D033.X%2526Qx~Oz%253D4%2526Q~Uz%253D4%2526UOOz~%253D3%2526VGI1o%253D%2526_1o%253D%2526_6V%253D%2526_V%253D4%2526_oI5o%253D%2526cOg%253D%2526cpVII%253D3%2526dQIy%253D%2526do%253D%2526g1%253D3kkaPH4k4Pq.%252521qXXa3X%2526htmlsrc%253D1%2526j1o%253DP.Pa66yGCaPkGCPG3aC6.GHC3ka3ykP344V6%2526jx6y%253DjcV%2526kkdd%253Duu%25257C%252521%25257CnAH%25252A39uWh%2526oVGppp%253D%2526p~z6%253D4%2526tpid%253D%2526two%253DP%2526t~zVcy%253D4%2526wozI%253D3%2526wozIGc~O%253D%2526xaOBzV%253Dopjx6%2526z1o%253D%2526~1vV%253D33.PJX%252521H%2526~G%253D4q%2526~_oI5o%253D%2526~~xo%253D%25257B%252522~~GG%252522%25253A%2525228m%252522%25252C%252522~~GOB%252522%25253A%252522j~xj%252522%25252C%252522~~1z%252522%25253A%252522%252522%25252C%252522~~~G%252522%25253A%2525224q%252522%25257D%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","fqdn":"realtimesearchresults.com","domain":"realtimesearchresults.com","tld":"com"},"ip":{"addr":"199.191.50.132","port":443,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"introduction_type":"scriptElement","is_inline":true,"md5":"3ef9478ce785fc73b7210778bda71375","sha1":"7f5c17f0e4cb3e60f512b61c2365d658a0500cca","sha256":"57df6952eb858f250415afcb781c958efa299374f20835ddb9cd9d243dcc6a5e","sha512":"36c369a35f08c8bc4d059aa8ce02aacb69e40c5f59036685f5afbf326b398db80fa55fd306d266bc1e31dfdad26537a7efd08668217ccd5313623a3d9c804353","ssdeep":"192:MyLp7EykXDceTOnLnVnagJuCzkMXjXSH3MM2qAFQ9xfeAcjCfxW7Vi:MydInXkDlkMXLSH3MM2qAFQ9xfeAcefV","tlshash":"29d1a79f44accba1416d19dd3c382e8eb8da354da6cc621eced3fe94882f9719e0050d","size":6639,"data":"","first_seen":"2026-03-02T22:32:04.803109Z","last_seen":"2026-03-02T22:32:04.803109Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"realtimesearchresults.com/sr/754870121/SAFEFRAME.html?ule=773\u0026.r4_.z=7SSN%3A%2F%2FzcaSdCc%29%29aSw8zd8Z\u00267SSNa=F\u00268.dR=uyugFge1L\u002687CXV=1B6FgE1y%21\u002687CXt=calyUdCS8\u002688=06\u00268Rl=6t%2111\u00268SNdR=\u00268dR=u%28~Le%21VkY\u00269RN.=F\u00269RN.8CaS=\u0026CSl=\u0026CXr..=F\u0026GmdR=\u0026Ha7N=e\u0026HzaSN=e\u0026INzN=\u0026IRaN.=\u0026ImCU88UriN=\u0026NdR=\u0026RX.%29=F\u0026Rr8XXX=\u0026Sa8r=jFFgL\u0026XaNv=e\u0026ZH.%29=\u0026ZR=\u0026_9R=y\u0026_aNrC%29=e\u0026a8=eV\u0026aazR=%7B%22aa88%22%3A%2206%22%2C%22aa8SI%22%3A%22cazc%22%2C%22aadN%22%3A%22%22%2C%22aaa8%22%3A%22eV%22%7D\u0026adqr=FFgyiLu1\u0026amR.%2AR=\u0026cdR=ygytvv%298sty%218sy8Ftsvg81sF%21tF%29%21yFeerv\u0026czv%29=cCr\u0026dadR=e\u0026htmlsrc=1\u0026kkdd=3%2A%7Ch%7CA93u%2AHn\u0026ld=F%21%21ty1e%21eyVguVLLtFL\u0026mR.%2AR=\u0026mdR=\u0026mr=e\u0026mvr=\u0026r8.dR=\u0026tpid=\u0026v8S=BD%2A499%29h.h%29_._VDqqrrvDD99%2F0q40_D40%29\u0026vN%28_=\u0026vRSF=\u0026vRSt=\u0026vRcXvdC=\u0026vRl=\u0026ztSINr=RXczv\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001772490704019015326356484667\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222152003630393433517%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=zBs8rKcR1P4MquCSH8f8kIX1sPGVb7qSTcKFw7T97wwJJYebyecQ0bmkIOrtfOOA8f2rGoSaj6UfqqwJGopgut_UMy-bHzCaMekYF5w7efsgJNJMVwOSrLJQ85u8IRyHmtKKGmC1UFCjP_6tcf9s_wyGUH3nV5ByP02yHU012iTWru8iDREb7_Wq89WvwU5hx2LaQ2FS5Vs%3D\u0026tchkpts=%7B%22prel2%22%3A1772490704258%7D\u0026stime=1772490704258\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Frealtimesearchresults.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F-_1o%253D%25261~1o%253D4%25266GO%253DEK5ewwy9I9ytItqKvvVV6KKww%25252F8ve8tKe8y%25266oO3%253D%25266oOa%253D%25266og%253D%25266ojp61c%253D%25266zTt%253D%2526B_cSGGSVJz%253D%2526Bo~zI%253D%2526Bzxz%253D%2526G1o%253D%252521T2X4kqWF%2526GG%253D8m%2526GI1o%253D%252521P%252521.3.4HX%2526GOz1o%253D%2526GUcpa%253Dj~gPS1cOG%2526GUcpq%253DHEm3.fHPk%2526Gog%253DmakHH%2526IVetIx%253DUOOz%25253A%25252F%25252Fxj~O1cjyy~O%25252AGx1Gd%2526O~GV%253D033.X%2526Qx~Oz%253D4%2526Q~Uz%253D4%2526UOOz~%253D3%2526VGI1o%253D%2526_1o%253D%2526_6V%253D%2526_V%253D4%2526_oI5o%253D%2526cOg%253D%2526cpVII%253D3%2526dQIy%253D%2526do%253D%2526g1%253D3kkaPH4k4Pq.%252521qXXa3X%2526htmlsrc%253D1%2526j1o%253DP.Pa66yGCaPkGCPG3aC6.GHC3ka3ykP344V6%2526jx6y%253DjcV%2526kkdd%253Duu%25257C%252521%25257CnAH%25252A39uWh%2526oVGppp%253D%2526p~z6%253D4%2526tpid%253D%2526two%253DP%2526t~zVcy%253D4%2526wozI%253D3%2526wozIGc~O%253D%2526xaOBzV%253Dopjx6%2526z1o%253D%2526~1vV%253D33.PJX%252521H%2526~G%253D4q%2526~_oI5o%253D%2526~~xo%253D%25257B%252522~~GG%252522%25253A%2525228m%252522%25252C%252522~~GOB%252522%25253A%252522j~xj%252522%25252C%252522~~1z%252522%25253A%252522%252522%25252C%252522~~~G%252522%25253A%2525224q%252522%25257D%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","fqdn":"realtimesearchresults.com","domain":"realtimesearchresults.com","tld":"com"},"ip":{"addr":"199.191.50.132","port":443,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"introduction_type":"scriptElement","is_inline":true,"md5":"7171d381a177c345c2755b4c82a38045","sha1":"c08c6dcfc6ce95d5a1606fa51ecfc40622bc2e09","sha256":"e36cf9d6513f98644e2301a77bd36927c880e03684fc1277d631d806f8387695","sha512":"9d35fb3b37b117abd25083943f9072bfbec364fe41e89cdba66cb731f6c5823762e71313dd4fb5561d8676480c404e40619ef90d39b0eba141f540e139b539a8","ssdeep":"","tlshash":"51f0a76d4fd711602671511d725af2c4f494909733a3c40ef5ed92444f4ba2ea7ba2ec","size":480,"data":"","first_seen":"2026-03-02T22:32:04.807698Z","last_seen":"2026-03-02T22:32:04.807698Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"realtimesearchresults.com/sr/754870121/SAFEFRAME.html?ule=773\u0026.r4_.z=7SSN%3A%2F%2FzcaSdCc%29%29aSw8zd8Z\u00267SSNa=F\u00268.dR=uyugFge1L\u002687CXV=1B6FgE1y%21\u002687CXt=calyUdCS8\u002688=06\u00268Rl=6t%2111\u00268SNdR=\u00268dR=u%28~Le%21VkY\u00269RN.=F\u00269RN.8CaS=\u0026CSl=\u0026CXr..=F\u0026GmdR=\u0026Ha7N=e\u0026HzaSN=e\u0026INzN=\u0026IRaN.=\u0026ImCU88UriN=\u0026NdR=\u0026RX.%29=F\u0026Rr8XXX=\u0026Sa8r=jFFgL\u0026XaNv=e\u0026ZH.%29=\u0026ZR=\u0026_9R=y\u0026_aNrC%29=e\u0026a8=eV\u0026aazR=%7B%22aa88%22%3A%2206%22%2C%22aa8SI%22%3A%22cazc%22%2C%22aadN%22%3A%22%22%2C%22aaa8%22%3A%22eV%22%7D\u0026adqr=FFgyiLu1\u0026amR.%2AR=\u0026cdR=ygytvv%298sty%218sy8Ftsvg81sF%21tF%29%21yFeerv\u0026czv%29=cCr\u0026dadR=e\u0026htmlsrc=1\u0026kkdd=3%2A%7Ch%7CA93u%2AHn\u0026ld=F%21%21ty1e%21eyVguVLLtFL\u0026mR.%2AR=\u0026mdR=\u0026mr=e\u0026mvr=\u0026r8.dR=\u0026tpid=\u0026v8S=BD%2A499%29h.h%29_._VDqqrrvDD99%2F0q40_D40%29\u0026vN%28_=\u0026vRSF=\u0026vRSt=\u0026vRcXvdC=\u0026vRl=\u0026ztSINr=RXczv\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001772490704019015326356484667\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222152003630393433517%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=zBs8rKcR1P4MquCSH8f8kIX1sPGVb7qSTcKFw7T97wwJJYebyecQ0bmkIOrtfOOA8f2rGoSaj6UfqqwJGopgut_UMy-bHzCaMekYF5w7efsgJNJMVwOSrLJQ85u8IRyHmtKKGmC1UFCjP_6tcf9s_wyGUH3nV5ByP02yHU012iTWru8iDREb7_Wq89WvwU5hx2LaQ2FS5Vs%3D\u0026tchkpts=%7B%22prel2%22%3A1772490704258%7D\u0026stime=1772490704258\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Frealtimesearchresults.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F-_1o%253D%25261~1o%253D4%25266GO%253DEK5ewwy9I9ytItqKvvVV6KKww%25252F8ve8tKe8y%25266oO3%253D%25266oOa%253D%25266og%253D%25266ojp61c%253D%25266zTt%253D%2526B_cSGGSVJz%253D%2526Bo~zI%253D%2526Bzxz%253D%2526G1o%253D%252521T2X4kqWF%2526GG%253D8m%2526GI1o%253D%252521P%252521.3.4HX%2526GOz1o%253D%2526GUcpa%253Dj~gPS1cOG%2526GUcpq%253DHEm3.fHPk%2526Gog%253DmakHH%2526IVetIx%253DUOOz%25253A%25252F%25252Fxj~O1cjyy~O%25252AGx1Gd%2526O~GV%253D033.X%2526Qx~Oz%253D4%2526Q~Uz%253D4%2526UOOz~%253D3%2526VGI1o%253D%2526_1o%253D%2526_6V%253D%2526_V%253D4%2526_oI5o%253D%2526cOg%253D%2526cpVII%253D3%2526dQIy%253D%2526do%253D%2526g1%253D3kkaPH4k4Pq.%252521qXXa3X%2526htmlsrc%253D1%2526j1o%253DP.Pa66yGCaPkGCPG3aC6.GHC3ka3ykP344V6%2526jx6y%253DjcV%2526kkdd%253Duu%25257C%252521%25257CnAH%25252A39uWh%2526oVGppp%253D%2526p~z6%253D4%2526tpid%253D%2526two%253DP%2526t~zVcy%253D4%2526wozI%253D3%2526wozIGc~O%253D%2526xaOBzV%253Dopjx6%2526z1o%253D%2526~1vV%253D33.PJX%252521H%2526~G%253D4q%2526~_oI5o%253D%2526~~xo%253D%25257B%252522~~GG%252522%25253A%2525228m%252522%25252C%252522~~GOB%252522%25253A%252522j~xj%252522%25252C%252522~~1z%252522%25253A%252522%252522%25252C%252522~~~G%252522%25253A%2525224q%252522%25257D%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","fqdn":"realtimesearchresults.com","domain":"realtimesearchresults.com","tld":"com"},"ip":{"addr":"199.191.50.132","port":443,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"introduction_type":"scriptElement","is_inline":true,"md5":"8414d3e18d2b1e5213d93e9961180c09","sha1":"501f10122689b95217071a357e0fdb6652bab624","sha256":"eb2c4bba9ebc87b1562defc06133d955fd38f522adb60fdeaa699744ac44a78a","sha512":"5962539d026d198b5f17c68f455e3e53c4b2c5b271b45a7fe2c1817a88d6bb56929b8d10305e2cc666250392e63661c927f89c3c238e3f6a48d8a76e39257207","ssdeep":"768:dfLk/5PkuN5U2v4FuyTnlHluh7nhY3IJPqRcsuERT7SXk+zJKJ+3U:pk/5fHUT8ypFuLqmLOcU","tlshash":"fc23e8dd34c2745a177721a2413f2d4bf1bb16643a8e8c40d9b5e9a63c3ca5f8623e4e","size":47428,"data":"","first_seen":"2026-03-02T13:33:23.315082Z","last_seen":"2026-03-04T13:12:43.366696Z","times_seen":1454,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"realtimesearchresults.com/sr/754870121/SAFEFRAME.html?ule=773\u0026.r4_.z=7SSN%3A%2F%2FzcaSdCc%29%29aSw8zd8Z\u00267SSNa=F\u00268.dR=uyugFge1L\u002687CXV=1B6FgE1y%21\u002687CXt=calyUdCS8\u002688=06\u00268Rl=6t%2111\u00268SNdR=\u00268dR=u%28~Le%21VkY\u00269RN.=F\u00269RN.8CaS=\u0026CSl=\u0026CXr..=F\u0026GmdR=\u0026Ha7N=e\u0026HzaSN=e\u0026INzN=\u0026IRaN.=\u0026ImCU88UriN=\u0026NdR=\u0026RX.%29=F\u0026Rr8XXX=\u0026Sa8r=jFFgL\u0026XaNv=e\u0026ZH.%29=\u0026ZR=\u0026_9R=y\u0026_aNrC%29=e\u0026a8=eV\u0026aazR=%7B%22aa88%22%3A%2206%22%2C%22aa8SI%22%3A%22cazc%22%2C%22aadN%22%3A%22%22%2C%22aaa8%22%3A%22eV%22%7D\u0026adqr=FFgyiLu1\u0026amR.%2AR=\u0026cdR=ygytvv%298sty%218sy8Ftsvg81sF%21tF%29%21yFeerv\u0026czv%29=cCr\u0026dadR=e\u0026htmlsrc=1\u0026kkdd=3%2A%7Ch%7CA93u%2AHn\u0026ld=F%21%21ty1e%21eyVguVLLtFL\u0026mR.%2AR=\u0026mdR=\u0026mr=e\u0026mvr=\u0026r8.dR=\u0026tpid=\u0026v8S=BD%2A499%29h.h%29_._VDqqrrvDD99%2F0q40_D40%29\u0026vN%28_=\u0026vRSF=\u0026vRSt=\u0026vRcXvdC=\u0026vRl=\u0026ztSINr=RXczv\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001772490704019015326356484667\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222152003630393433517%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=zBs8rKcR1P4MquCSH8f8kIX1sPGVb7qSTcKFw7T97wwJJYebyecQ0bmkIOrtfOOA8f2rGoSaj6UfqqwJGopgut_UMy-bHzCaMekYF5w7efsgJNJMVwOSrLJQ85u8IRyHmtKKGmC1UFCjP_6tcf9s_wyGUH3nV5ByP02yHU012iTWru8iDREb7_Wq89WvwU5hx2LaQ2FS5Vs%3D\u0026tchkpts=%7B%22prel2%22%3A1772490704258%7D\u0026stime=1772490704258\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Frealtimesearchresults.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F-_1o%253D%25261~1o%253D4%25266GO%253DEK5ewwy9I9ytItqKvvVV6KKww%25252F8ve8tKe8y%25266oO3%253D%25266oOa%253D%25266og%253D%25266ojp61c%253D%25266zTt%253D%2526B_cSGGSVJz%253D%2526Bo~zI%253D%2526Bzxz%253D%2526G1o%253D%252521T2X4kqWF%2526GG%253D8m%2526GI1o%253D%252521P%252521.3.4HX%2526GOz1o%253D%2526GUcpa%253Dj~gPS1cOG%2526GUcpq%253DHEm3.fHPk%2526Gog%253DmakHH%2526IVetIx%253DUOOz%25253A%25252F%25252Fxj~O1cjyy~O%25252AGx1Gd%2526O~GV%253D033.X%2526Qx~Oz%253D4%2526Q~Uz%253D4%2526UOOz~%253D3%2526VGI1o%253D%2526_1o%253D%2526_6V%253D%2526_V%253D4%2526_oI5o%253D%2526cOg%253D%2526cpVII%253D3%2526dQIy%253D%2526do%253D%2526g1%253D3kkaPH4k4Pq.%252521qXXa3X%2526htmlsrc%253D1%2526j1o%253DP.Pa66yGCaPkGCPG3aC6.GHC3ka3ykP344V6%2526jx6y%253DjcV%2526kkdd%253Duu%25257C%252521%25257CnAH%25252A39uWh%2526oVGppp%253D%2526p~z6%253D4%2526tpid%253D%2526two%253DP%2526t~zVcy%253D4%2526wozI%253D3%2526wozIGc~O%253D%2526xaOBzV%253Dopjx6%2526z1o%253D%2526~1vV%253D33.PJX%252521H%2526~G%253D4q%2526~_oI5o%253D%2526~~xo%253D%25257B%252522~~GG%252522%25253A%2525228m%252522%25252C%252522~~GOB%252522%25253A%252522j~xj%252522%25252C%252522~~1z%252522%25253A%252522%252522%25252C%252522~~~G%252522%25253A%2525224q%252522%25257D%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","fqdn":"realtimesearchresults.com","domain":"realtimesearchresults.com","tld":"com"},"ip":{"addr":"199.191.50.132","port":443,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"introduction_type":"scriptElement","is_inline":true,"md5":"7ea336f637477485ccd6f9a5b167bd7d","sha1":"8153e4b97c42ab5b73f2f577b43043c8c9283b4b","sha256":"ce4d01ea989bb3b9243f9917fe20a39064135a99b2f3b8cd6832cccb10006b96","sha512":"1ac3fbd0a0c12ef1eacf5dc2a5848e72574bc9ebab4b159fbd080d02b3c49320e5862be0d7404e6ded0c2e2c8c0c43f84d93b966d200007782e282bbab8b3c65","ssdeep":"","tlshash":"c6f0e5b694b3c8285b0f264673ffd684145043e45c05764df1ede49a03e1d4cc0d9eaa","size":481,"data":"","first_seen":"2025-03-08T00:25:13.728891Z","last_seen":"2026-04-04T14:48:36.519012Z","times_seen":139297,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lostinoffst.click/","fqdn":"lostinoffst.click","domain":"lostinoffst.click","tld":"click"},"ip":{"addr":"103.224.182.212","port":443,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":true,"md5":"f07145b12e2b3196f28e5fee297ada03","sha1":"a6f1b612117290b50d9086f117946d965852af1b","sha256":"f393a22343beae36a48fbed745e00cbc4a8f4958b3c0045c4dc33ca860e6e6a8","sha512":"934b88bc0564d736947228cee49ae059bf3b8a4878638b9d4f457aa06fb9a06f74e5965cb0047d1de4863c97b6167078676e615b2e7eae67c8f9ddaa16318559","ssdeep":"","tlshash":"ebf09748b5da78227578246e8ee4400ec1bb0144028ca5bce00ab71cad0216bf0aade7","size":513,"data":"","first_seen":"2026-03-02T22:32:04.813773Z","last_seen":"2026-03-02T22:32:04.813773Z","times_seen":1,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-02T22:31:43Z","timestamp":1772490703,"ip_dst":{"addr":"103.224.182.212","port":80,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.20","port":59396,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-03-02T22:31:43.097211+0000\",\"flow_id\":566444174519436,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.20\",\"src_port\":59396,\"dest_ip\":\"103.224.182.212\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"lostinoffst.click\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":567},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":554,\"bytes_toclient\":1068,\"start\":\"2026-03-02T22:31:42.765068+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww38.lostinoffst.click/","fqdn":"ww38.lostinoffst.click","domain":"lostinoffst.click","tld":"click"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"4b525cf8ebd962811007b8d5664ed332","sha1":"3d6e339a2e51071280db0f7e0e72f4beff1b7e3f","sha256":"9a2fc2de09ddd5dbe83a33b037c4519972a252103614203019dec30522301fdd","sha512":"b8a7dfd8f65660c948daea9a5177f217a66dc3246bcc7acfefadf6c35c761208f9a99c73cd960e6081e0765b370ffbb178151bf792784c05de5c822b56ebb936","ssdeep":"","tlshash":"79c08c7b3c8220304edf725e281c93883860c206a883a202fc2c08ed4ff1e47323ab58","size":164,"data":"","first_seen":"2025-10-01T08:32:45.366407Z","last_seen":"2026-04-04T14:48:36.516831Z","times_seen":59426,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-02T22:31:43Z","timestamp":1772490703,"ip_dst":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.20","port":54244,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-03-02T22:31:43.513729+0000\",\"flow_id\":957445112328368,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.20\",\"src_port\":54244,\"dest_ip\":\"185.53.179.200\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"ww38.lostinoffst.click\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":542},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":8,\"bytes_toserver\":643,\"bytes_toclient\":6306,\"start\":\"2026-03-02T22:31:43.192688+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww38.lostinoffst.click/","fqdn":"ww38.lostinoffst.click","domain":"lostinoffst.click","tld":"click"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"b326b5062b2f0e69046810717534cb09","sha1":"5ffe533b830f08a0326348a9160afafc8ada44db","sha256":"b5bea41b6c623f7c09f1bf24dcae58ebab3c0cdd90ad966bc43a45b44867e12b","sha512":"9120cd5faef07a08e971ff024a3fcbea1e3a6b44142a6d82ca28c6c42e4f852595bcf53d81d776f10541045abdb7c37950629415d0dc66c8d86c64a5606d32de","ssdeep":"","tlshash":"5430000000000000000000000000300c00000000000000000000000000000000000000","size":4,"data":"","first_seen":"2023-03-07T01:03:44Z","last_seen":"2026-04-04T14:48:36.509449Z","times_seen":353025,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-02T22:31:43Z","timestamp":1772490703,"ip_dst":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.20","port":54244,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-03-02T22:31:43.513729+0000\",\"flow_id\":957445112328368,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.20\",\"src_port\":54244,\"dest_ip\":\"185.53.179.200\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"ww38.lostinoffst.click\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":542},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":8,\"bytes_toserver\":643,\"bytes_toclient\":6306,\"start\":\"2026-03-02T22:31:43.192688+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww38.lostinoffst.click/","fqdn":"ww38.lostinoffst.click","domain":"lostinoffst.click","tld":"click"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"6559111e4eae643ce013ce0821e91a02","sha1":"fa1086c9aa2cb2d14f5c13bceefe21511bcdae5a","sha256":"d72255f7e5ea4dfdf9821df800356367d0bc7df07ecd103bb660018cb1e4f400","sha512":"a6e3e096076dc152b69e95709dad8925c9c2799c23ad226b9ce7b6ee78936bea7300b66c92821ea0728ce7433d4f53787f27f5e7101f97e4d882be0a461fc051","ssdeep":"","tlshash":"407000000380020020c80233a200882af228003c00030200c008888800a808002080c2","size":25,"data":"","first_seen":"2023-03-07T01:20:41Z","last_seen":"2026-04-04T14:48:36.521533Z","times_seen":332305,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-02T22:31:43Z","timestamp":1772490703,"ip_dst":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.20","port":54244,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-03-02T22:31:43.513729+0000\",\"flow_id\":957445112328368,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.20\",\"src_port\":54244,\"dest_ip\":\"185.53.179.200\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"ww38.lostinoffst.click\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":542},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":8,\"bytes_toserver\":643,\"bytes_toclient\":6306,\"start\":\"2026-03-02T22:31:43.192688+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww38.lostinoffst.click/","fqdn":"ww38.lostinoffst.click","domain":"lostinoffst.click","tld":"click"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"889ca9e2c79a3ce7aaadbcdfd0ce4ef5","sha1":"b05c2c051bae71f80cb8c289e5a42d4f96d323fa","sha256":"6477acf082d26199b6ce8346b93149b1b999233d9fe76b0340ebf43317cf98f8","sha512":"122a494d50a5e8077cdda40e8d6edb442bb9d89fff078852aad7f84fe24f1c58fe693f0388ca6c9453d1b33036da0b9c4e9fb394a18268e254d306ffc2ca57a3","ssdeep":"","tlshash":"46a002d4b4ed8125564583390104d91cf936c934c0d5701873f0466ca6e700a53610b2","size":62,"data":"","first_seen":"2023-03-07T01:20:41Z","last_seen":"2026-04-04T14:48:36.520422Z","times_seen":332354,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-02T22:31:43Z","timestamp":1772490703,"ip_dst":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.20","port":54244,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-03-02T22:31:43.513729+0000\",\"flow_id\":957445112328368,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.20\",\"src_port\":54244,\"dest_ip\":\"185.53.179.200\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"ww38.lostinoffst.click\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":542},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":8,\"bytes_toserver\":643,\"bytes_toclient\":6306,\"start\":\"2026-03-02T22:31:43.192688+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww38.lostinoffst.click/","fqdn":"ww38.lostinoffst.click","domain":"lostinoffst.click","tld":"click"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"e5d8c139688b25ef77b263d88ea99150","sha1":"7abc9c61c4966543f66d150c0155bfac575f86a7","sha256":"53e5f34ac520035c7f124076d1e68c70a85c83cf68a339fa713b872b54126148","sha512":"1cd4eb192d987ea1b21f3b553eea3881c807f8bf4a5299982675d57314a0eaa084db1722c38d02eb73178660ecb1ca3667a795a512527f843f2526dc0a99dc20","ssdeep":"","tlshash":"7440000000003000033c0000000000c0000c00000000000000000c00030000000c0000","size":7,"data":"","first_seen":"2023-03-07T01:20:41Z","last_seen":"2026-04-04T14:48:36.502597Z","times_seen":332406,"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-02T22:31:43Z","timestamp":1772490703,"ip_dst":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.20","port":54244,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-03-02T22:31:43.513729+0000\",\"flow_id\":957445112328368,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.20\",\"src_port\":54244,\"dest_ip\":\"185.53.179.200\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"ww38.lostinoffst.click\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":542},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":8,\"bytes_toserver\":643,\"bytes_toclient\":6306,\"start\":\"2026-03-02T22:31:43.192688+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lostinoffst.click/js/fingerprint/iife.min.js","fqdn":"lostinoffst.click","domain":"lostinoffst.click","tld":"click"},"ip":{"addr":"103.224.182.212","port":443,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"63f9fd621d1fbd53b7c5856e58c11ccd","sha1":"a46973c2fbdbfeb159e0d717a90f88307e274012","sha256":"c6bc28686490aba34a53ab3b709afa1fd73c21e60feb25608b09f23efe170089","sha512":"d4df433c7368ec078fbc473398a4ab21e6da20950ac4db34338623296887db40320b05b9bde6130e43d2b55c82b81a56b60bab0d6a4c97df54a0cb7a8f09325b","ssdeep":"384:XhQYTcHRx9vfQxcuK83ERxXYxMvtTpIBNwBUZXLew5gc+RW7+5ERNFaqE8E0QI+V:XSbHRTArOGSoyISuNwxJzZbPePKe9y","tlshash":"6cf207d8b2c3b02d227378ba497f6006b63abd55641c4803d57be5c178a4e5a813bfb8","size":34240,"data":"","first_seen":"2023-05-01T16:20:27Z","last_seen":"2026-04-04T14:49:50.4723Z","times_seen":35218,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"euob.blueridgeloop.com/sxp/i/636f8b858f681acb7bfa6f583a96630a.js","fqdn":"euob.blueridgeloop.com","domain":"blueridgeloop.com","tld":"com"},"ip":{"addr":"3.167.2.93","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"249560d748450919cd43298e4ae19bdc","sha1":"c490a2aaff0e1269216b1356d52d8b27cc498903","sha256":"dc936fd40d884f0f4dce82fe8b871b351afda841e8ea6bc9dcfb2d80cdf82632","sha512":"0b58bf1974c6b8fbb3ec5fd7db15ba3b632e65ca3d0dd7573b18da398df89137fa4034d7877b7c045298cbeabf14b1269899ddb25c30e734c5f4cc91f2e8a6be","ssdeep":"1536:5wxRb5bdwL+plFz9FSUsqLonLNYgetcVPkx2cnYteolbFr3rd6TcWmuZUfFi8AiM:5ma+xzkVP9ftrdruZ5QZ3faA8rv","tlshash":"9dc3c6ddb2e27025439324a5157f410ae27b2e553c4b8290d17ee9d4ac7ce8e817bfac","size":120992,"data":"","first_seen":"2026-03-01T16:53:40.617471Z","last_seen":"2026-03-04T09:50:39.913423Z","times_seen":718,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"realtimesearchresults.com/sr/754870121/SAFEFRAME.html?ule=773\u0026.r4_.z=7SSN%3A%2F%2FzcaSdCc%29%29aSw8zd8Z\u00267SSNa=F\u00268.dR=uyugFge1L\u002687CXV=1B6FgE1y%21\u002687CXt=calyUdCS8\u002688=06\u00268Rl=6t%2111\u00268SNdR=\u00268dR=u%28~Le%21VkY\u00269RN.=F\u00269RN.8CaS=\u0026CSl=\u0026CXr..=F\u0026GmdR=\u0026Ha7N=e\u0026HzaSN=e\u0026INzN=\u0026IRaN.=\u0026ImCU88UriN=\u0026NdR=\u0026RX.%29=F\u0026Rr8XXX=\u0026Sa8r=jFFgL\u0026XaNv=e\u0026ZH.%29=\u0026ZR=\u0026_9R=y\u0026_aNrC%29=e\u0026a8=eV\u0026aazR=%7B%22aa88%22%3A%2206%22%2C%22aa8SI%22%3A%22cazc%22%2C%22aadN%22%3A%22%22%2C%22aaa8%22%3A%22eV%22%7D\u0026adqr=FFgyiLu1\u0026amR.%2AR=\u0026cdR=ygytvv%298sty%218sy8Ftsvg81sF%21tF%29%21yFeerv\u0026czv%29=cCr\u0026dadR=e\u0026htmlsrc=1\u0026kkdd=3%2A%7Ch%7CA93u%2AHn\u0026ld=F%21%21ty1e%21eyVguVLLtFL\u0026mR.%2AR=\u0026mdR=\u0026mr=e\u0026mvr=\u0026r8.dR=\u0026tpid=\u0026v8S=BD%2A499%29h.h%29_._VDqqrrvDD99%2F0q40_D40%29\u0026vN%28_=\u0026vRSF=\u0026vRSt=\u0026vRcXvdC=\u0026vRl=\u0026ztSINr=RXczv\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001772490704019015326356484667\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222152003630393433517%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=zBs8rKcR1P4MquCSH8f8kIX1sPGVb7qSTcKFw7T97wwJJYebyecQ0bmkIOrtfOOA8f2rGoSaj6UfqqwJGopgut_UMy-bHzCaMekYF5w7efsgJNJMVwOSrLJQ85u8IRyHmtKKGmC1UFCjP_6tcf9s_wyGUH3nV5ByP02yHU012iTWru8iDREb7_Wq89WvwU5hx2LaQ2FS5Vs%3D\u0026tchkpts=%7B%22prel2%22%3A1772490704258%7D\u0026stime=1772490704258\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Frealtimesearchresults.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F-_1o%253D%25261~1o%253D4%25266GO%253DEK5ewwy9I9ytItqKvvVV6KKww%25252F8ve8tKe8y%25266oO3%253D%25266oOa%253D%25266og%253D%25266ojp61c%253D%25266zTt%253D%2526B_cSGGSVJz%253D%2526Bo~zI%253D%2526Bzxz%253D%2526G1o%253D%252521T2X4kqWF%2526GG%253D8m%2526GI1o%253D%252521P%252521.3.4HX%2526GOz1o%253D%2526GUcpa%253Dj~gPS1cOG%2526GUcpq%253DHEm3.fHPk%2526Gog%253DmakHH%2526IVetIx%253DUOOz%25253A%25252F%25252Fxj~O1cjyy~O%25252AGx1Gd%2526O~GV%253D033.X%2526Qx~Oz%253D4%2526Q~Uz%253D4%2526UOOz~%253D3%2526VGI1o%253D%2526_1o%253D%2526_6V%253D%2526_V%253D4%2526_oI5o%253D%2526cOg%253D%2526cpVII%253D3%2526dQIy%253D%2526do%253D%2526g1%253D3kkaPH4k4Pq.%252521qXXa3X%2526htmlsrc%253D1%2526j1o%253DP.Pa66yGCaPkGCPG3aC6.GHC3ka3ykP344V6%2526jx6y%253DjcV%2526kkdd%253Duu%25257C%252521%25257CnAH%25252A39uWh%2526oVGppp%253D%2526p~z6%253D4%2526tpid%253D%2526two%253DP%2526t~zVcy%253D4%2526wozI%253D3%2526wozIGc~O%253D%2526xaOBzV%253Dopjx6%2526z1o%253D%2526~1vV%253D33.PJX%252521H%2526~G%253D4q%2526~_oI5o%253D%2526~~xo%253D%25257B%252522~~GG%252522%25253A%2525228m%252522%25252C%252522~~GOB%252522%25253A%252522j~xj%252522%25252C%252522~~1z%252522%25253A%252522%252522%25252C%252522~~~G%252522%25253A%2525224q%252522%25257D%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","fqdn":"realtimesearchresults.com","domain":"realtimesearchresults.com","tld":"com"},"ip":{"addr":"199.191.50.132","port":443,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"introduction_type":"scriptElement","is_inline":true,"md5":"2e8be5ce7a18d21c61ddaa3be3fd99ea","sha1":"7d2e7dcc6e15405e8d20e4287f271756e7f874f3","sha256":"5211c581ce1e9891281e16e8820398ab1f3a835b862b9e168bbffffe8e66ea19","sha512":"202c8e96e23f05dc95606ba0b7b318973a6ce95f22f28d05b4fe3762f335f0db7d989c73f8f0fc4e55cfa2b4c4980bc17433b8132ffba6b6975658322e7eb308","ssdeep":"","tlshash":"a6b02b103d301002007a0183c874c4290136d8f3330044d44b003cec908e440605e74c","size":122,"data":"","first_seen":"2025-04-02T18:01:59.542907Z","last_seen":"2026-04-04T14:48:36.522386Z","times_seen":138921,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"l.cdn-fileserver.com/bql.php?vgd_len=5035\u0026\u0026vgd_l2type=dmola\u0026fp=3j2Ei1-yRY7s742U9f0nGbX-YwUu4QZ2q9lSECqeJfZehvfUckKyt0RlOd-eaNRwwzLzzCr7sBNuIoOc9jk9nOMHCwU-wh8x2RxpsUFS6n_g0tfg-Mjcb1PH7hzXaBSAIHPVbK2bv1aywiB0Yo26BQ%3D%3D\u0026cme=HJWsfYh0TPtixth3spqoyeS1RW0ZA_z60S3-_Z40xbvDaSS6jhIh7a80HOI5nGQkZRiyAuJgh1MYxaudJ9pjsGFydzzjKhZbWRzgLipZxZTJ90IsD_rwNLxyRoRojiT05N99BaoOQLzlIZstZXmZ7C-_Al-bkQA60dQdlB-NudFMEIDp5ZKVYKuPEx0uJ9wEyN7r-9YfAXkKYayc-l-E2Jf7xy1vsC3JrtSQDJbwqi8Y-X7NPpmJ45Mb0LLUAvaJyFtCv1mE3MU%3D%7C%7CWtJPvijWHRsfBv4nOZN-Vs0s0qvvEfG0%7CxDcVMoSqRIQJ2LACjYs2XSj_UvaHtlLvpecl2zfSMFmuy9bhklg-dw%3D%3D%7Cb8KlCmE6kTENKxSBIehsQLbXBNKeHPZV%7C4Nxvvts4d3lLR-Fmi_R_9rocpWzwbiBISGOnzxmcpj2KnIO4mF6NwFmMtsIq3cOaTj13vbnAeSaxiERBoPWqbS5G9bu5CQujsoYvtsf8E6PYJHfmYrY_ILGqqzCcmdrSq7Ep_jlfANpCcb8nkGs4iN7L0X5sF4m7CPTqDkYAY-rshJKY8e5W0KbrMSaaeuZ3KyEJYviRV5fbfqDSN7D6Vyq6JF1eYW2NcHhYs8UcBNlDeQ8t2Iqxpa2OwH8vJdHGQuvQWiJHxZDRO6oadDE28HPGsWERjT8_3idiYuLPdcFxBZ8TCa4TeRatILnTwQt2lwfsbEmKFEW6yetUIlb1Skei2QMLMx8nsZEohKxCjXLuYgMtI_glW9GzxgziU6B8Mjw-PvvqRTlxse5dFrGdQJmKj6JuriNN3gGCocdGopzIk3OL_bwfhARMmgF0ZVmdMhE6Dmm6xpZHg8HjtmeqquiNnU7cLNGjVUl2LzlIW59H2yr3SZXHarKpvnUbtwWGTEWTYnGLeE-SS4m9XIMUwO3zJRt8o-5RY1oUXUoFNlF7ogVg2XG91xtQ2L43Nq1Qt5R-1quDjR4puUJRpwt4sgZk7o3difGbdQ_scwgiTIgzb-_vaVVmDHOto3GUA6CsbfztaVoqjbN-H_BoDUjVVV0IoIg2ItiAK-e5KD_BAHKfQ_5OG8NWVDOf01v6lvSqoCfuyjpKIAJnvr_QzAefqgLTRuwYVaEP%7CWOR44ZnjshyX0FEZj6c52uG8KGTsvju_%7C\u0026ksu=360\u0026fdkt=658\u0026vgde_kbbh=fuoyxQBuGUBO\u0026kwd[]=Top+10+Places+You+Must+Visit\u0026kwt[]=658\u0026kbc[]=db5647e5a8f76918611d297fae9e14e4.d2s\u0026kwp[]=1\u0026kid[]=351033257\u0026kbc2[]=dmodel%3D1%7Cclid_fz%3D8589%7Cclid_serp%3D5407%7Cakp%3D9%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D71735%7Cclpr%3D1.000000%7Ccllvl%3D1%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D0.995%7Cps_id%3D0\u0026ktd[]=79228162514264337593561125120\u0026kwd[]=Best+Small+Towns+to+Visit+in+USA\u0026kwt[]=658\u0026kbc[]=db5647e5a8f76918611d297fae9e14e4.d2s\u0026kwp[]=2\u0026kid[]=388132887\u0026kbc2[]=dmodel%3D1%7Cclid_fz%3D-2%7Cclid_serp%3D9212%7Cakp%3D3%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D60179%7Cclpr%3D1.000000%7Ccllvl%3D1%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D0.995%7Cps_id%3D0\u0026ktd[]=79228162514264337593561125120\u0026kwd[]=Secret+Places+to+Visit+in+London\u0026kwt[]=658\u0026kbc[]=db5647e5a8f76918611d297fae9e14e4.d2s\u0026kwp[]=3\u0026kid[]=385876755\u0026kbc2[]=dmodel%3D1%7Cclid_fz%3D-2%7Cclid_serp%3D21256%7Cakp%3D6%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D135466%7Cclpr%3D1.000000%7Ccllvl%3D2%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D0.995%7Cps_id%3D0\u0026ktd[]=79228162514264337593561125120\u0026kwd[]=Urban+Exploration+Walking+Tours\u0026kwt[]=658\u0026kbc[]=db5647e5a8f76918611d297fae9e14e4.d2s\u0026kwp[]=4\u0026kid[]=1035205323\u0026kbc2[]=dmodel%3D1%7Cclid_fz%3D-2%7Cclid_serp%3D-2%7Cakp%3D2%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D0.995%7Cps_id%3D0\u0026ktd[]=17174784\u0026kwd[]=10+Beautiful+Small+Towns+to+Retire\u0026kwt[]=658\u0026kbc[]=db5647e5a8f76918611d297fae9e14e4.d2s\u0026kwp[]=5\u0026kid[]=351568953\u0026kbc2[]=dmodel%3D1%7Cclid_fz%3D-2%7Cclid_serp%3D-2%7Cakp%3D10%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D59574%7Cclpr%3D0.450000%7Ccllvl%3D1%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D0.995%7Cps_id%3D0\u0026ktd[]=79402247832288844194718814464\u0026v=1\u0026gdpr=1\u0026geo=59.93%7C10.8\u0026lper=100\u0026lpid=\u0026tsid=1005\u0026hint=\u0026cc=NO\u0026wsip=170763906\u0026bca=0\u0026ugd=4\u0026vgde_setid=Nfu\u0026vgde_chost=LJ1j78YJQJ1LNwLJQxj7Q.NmY\u0026cid=8CU6073RK\u0026vi=1772490704358366216\u0026vsid=DefVid\u0026tdAdd[]=asnum%3D50304\u0026vgde_test_data_struct=%7B%22EO7E8O%22%3Au%7D\u0026vgd_adprefflag=00\u0026vgd_adpref_diff=1010\u0026vgd_fm_lang=EN\u0026vgd_implt=3\u0026vgd_cage=3\u0026vgd_tsce=L1156-S1156\u0026vgd_l3_sc=03\u0026vgd_pdtid=1\u0026vgd_oscar=1\u0026vgd_ctrlid=O_SERP\u0026vgd_nrrv=21890\u0026vgd_nrrmf=8301000480a\u0026vgd_nrrsf=scrr\u0026vgd_cty=oslo\u0026vgd_csovr=0\u0026vgd_ifrmode=14\u0026sbdrId=\u0026verid=\u0026mprpslog=zBs8rKcR1P4MquCSH8f8kIX1sPGVb7qSTcKFw7T97wwJJYebyecQ0bmkIOrtfOOA8f2rGoSaj6UfqqwJGopgut_UMy-bHzCaMekYF5w7efsgJNJMVwOSrLJQ85u8IRyHmtKKGmC1UFCjP_6tcf9s_wyGUH3nV5ByP02yHU012iTWru8iDREb7_Wq89WvwU5hx2LaQ2FS5Vs\u0026kbbq=%26asn%3D50304\u0026vgd_ppvi=2152003630393433517\u0026vgd_wlstp=0\u0026vgd_vstrid=DefVid\u0026vgd_scsver=2844\u0026vgd_himglg=K0P0-O0K0-S0\u0026vgd_cache_metadata=%7B%22kbb%22%3Afalse%7D\u0026vgd_cfud=251031\u0026vgd_optout=0\u0026vgd_l2shld=1\u0026vgd_akcip=91.90.42.0\u0026vgd_oreqf=one\u0026vgd_oresf=one\u0026vgd_och=0\u0026vgd_rensize=1280_1024\u0026vgd_scr_h=1024\u0026vgd_scr_w=1280\u0026vgd_col_sch=l\u0026vgd_be=0\u0026vgd_nmerr=1\u0026tdAdd[]=uiparams%3D%3Brend_w%3A1280%3Brend_h%3A1024\u0026vgd_sc=03\u0026hvsid=00001772490704019015326356484667\u0026rc=0\u0026rand=1772490705139\u0026acid=undefined\u0026matm=1772490705139\u0026vgde_ltimesrc=u\u0026vgde_ltime=iAW\u0026vgde_rtime=WiW\u0026vgde_etm=uH\u0026vgde_timeObj=%7B%22juJ-JN%22%3Azxjj%2C%22jfjm1O%22%3AWAW%2C%22QNLLQ71L7%22%3AHA%2C%22QNLLLJzOJL%22%3Auh%2C%22QNLLJ-JN%22%3AXh%7D\u0026vgd_lhl=1931\u0026vgd_sbSup=1\u0026vgd_nrrs=21890\u0026vgde_cdeplbl=1E8Mzm7M1e18j1GjJ\u0026vgd_end=1","fqdn":"l.cdn-fileserver.com","domain":"cdn-fileserver.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2ba5e95642c652c708881ad3c9d8443f","sha1":"5bfcc33bb9cc897546c600206b03d1307bd63a94","sha256":"c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24","sha512":"8c157fc41fd03bbd47633269b18effb652644e58284f8f85465b0ffba9b5a06544a03ed0655706c96edfa09a64f4f164f6bbc573ac5045000cae03c8b36d046f","ssdeep":"","tlshash":"7e600000000cc030030f0c00c3000300303000c000000c33000f30cc000000c00fc303","size":15,"data":"","first_seen":"2025-03-08T00:25:13.560069Z","last_seen":"2026-04-04T14:48:36.492832Z","times_seen":141672,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"lostinoffst.click/","fqdn":"lostinoffst.click","domain":"lostinoffst.click","tld":"click"},"ip":{"addr":"103.224.182.212","port":443,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-02T22:31:37.541Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"blueberry-lesite.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 09 Jan 2026 05:25:31 GMT","end":"Thu, 09 Apr 2026 05:25:30 GMT"},"fingerprint":{"sha1":"D7:5A:27:C0:ED:E6:FD:EC:07:DD:E6:F9:60:DB:93:8F:7D:EA:19:E3","sha256":"B4:74:D1:A1:30:2D:30:8B:1F:26:67:0F:17:D8:F4:FF:B2:EE:3D:DD:5E:36:5D:0E:19:D8:DD:73:4B:6B:A2:5B"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: lostinoffst.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\ndate: Mon, 02 Mar 2026 22:31:38 GMT\r\nserver: Apache\r\nset-cookie: __tad=1772490698.1196492; expires=Thu, 28 Feb 2036 22:31:38 GMT; Max-Age=315360000\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\ncontent-length: 566\r\ncontent-type: text/html; charset=UTF-8\r\nconnection: close\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":1072,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text","md5":"16e265b526e3ff0fab716bdd362cf804","sha1":"35f28352c4e18cbae2008ea06ba4e7e7cd5362de","sha256":"9178c6afe01d786195bde4481201678df148aa1414a6eedcbfb25a33db9927d5","sha512":"72d06e2750ac725b3feea37ed225f6f729ab72f8ff84ccddf334b81a3111b3523337a6726a6da432a734ae0437a754ba7df0f748387574c6daf5bc1adcd263e3","ssdeep":"","tlshash":"f011ef09bd81bc12b031189d8af1e10ec4a7160483ccd87cf1d9f56cad4a799f4beaca","first_seen":"2026-03-02T22:32:04.732664Z","last_seen":"2026-03-02T22:32:04.732664Z","times_seen":1,"resource_available":true,"data":null}},"time_used":1535,"timings":{"blocked":682,"dns":351,"connect":156,"send":0,"wait":170,"receive":0,"ssl":172},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-02T22:31:43Z","timestamp":1772490703,"ip_dst":{"addr":"103.224.182.212","port":80,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.20","port":59396,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-03-02T22:31:43.097211+0000\",\"flow_id\":566444174519436,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.20\",\"src_port\":59396,\"dest_ip\":\"103.224.182.212\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"lostinoffst.click\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":567},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":554,\"bytes_toclient\":1068,\"start\":\"2026-03-02T22:31:42.765068+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obseu.blueridgeloop.com/ct","fqdn":"obseu.blueridgeloop.com","domain":"blueridgeloop.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://ww38.lostinoffst.click/","date":"2026-03-02T22:31:43.933Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.blueridgeloop.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 29 Jan 2026 00:00:00 GMT","end":"Wed, 29 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F0:B4:9E:AB:EC:F1:B1:6E:FC:2F:30:44:A7:59:88:02:56:5A:C9:DE","sha256":"9E:F1:FB:78:7A:CB:8E:2E:8E:82:6B:A7:84:5B:3B:FC:89:B5:F5:3B:33:6A:29:2F:A5:BF:8E:80:6B:97:FF:E5"}}},"request":{"raw":"POST /ct HTTP/1.1\r\nHost: obseu.blueridgeloop.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 4434\r\nOrigin: http://ww38.lostinoffst.click\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww38.lostinoffst.click/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":4434,"data":"id=92098\u0026url=http%3A%2F%2Fww38.lostinoffst.click%2F\u0026sf=0\u0026tpi=\u0026ch=AdsDeli%20-%20iFrame\u0026uvid=a4d11dc99a373a3a7bf8cf2c4c5eae5723b19558\u0026tsf=0\u0026tsfmi=\u0026tsfu=\u0026cb=1772490703928\u0026hl=3\u0026op=0\u0026ag=2881387774\u0026rand=53850260966077258109001000799150886657952001080621605026276026599825808602007031686777995951\u0026fs=1280x1024\u0026fst=1280x1024\u0026np=win32\u0026nv=\u0026ref=\u0026ss=1280x1024\u0026nc=0\u0026at=\u0026di=W1siZWYiLDI5OTJdLFsiYWJuY2giLDEzXSxbMTIsIntcImN0eFwiOlwid2ViZ2xcIixcInZcIjpcIm1lc2FcIixcInJcIjpcImxsdm1waXBlXCIsXCJzbHZcIjpcIndlYmdsIGdsc2wgZXMgMS4wXCIsXCJndmVyXCI6XCJ3ZWJnbCAxLjBcIixcImd2ZW5cIjpcIm1vemlsbGFcIixcImJlblwiOjM4LFwid2dsXCI6MSxcImdyZW5cIjpcImxsdm1waXBlXCIsXCJzZWZcIjo0OTQxOTUwNDMsXCJzZWNcIjpcIlwifSJdLFstMSwiTGludXggeDg2XzY0Il0sWy00LCItIl0sWy0xNiwiMCJdLFstMjEsIi0iXSxbLTIzLCIrIl0sWy0zMiwiMCJdLFstNDEsIi0iXSxbLTU4LCItIl0sWy04LCItIl0sWy0zLCJbXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCIsXCJpbnRlcm5hbC1wZGYtdmlld2VyXCJdIl0sWy0xMSwie1widFwiOlwiXCIsXCJtXCI6W1wiZGVzY3JpcHRpb25cIl19Il0sWy0xOCwiWzEsMCwwLDBdIl0sWy0zOCwiYywtMSwtMSwxLDAsMTMsMCwwLDEwMywyMTksLTEsMCwsNDc2LDYzOSw2MzciXSxbLTQwLCIzNyJdLFstNjQsIi0iXSxbLTY1LCItIl0sWy0yNywiLSJdLFstNjcsIi0iXSxbLTE0LCItIl0sWy0yNCwiW10iXSxbLTI2LCItIl0sWy01OSwiLSJdLFstNjYsIi0iXSxbLTc0LCItIl0sWy0xMCwiLSJdLFstMTUsIi0iXSxbLTI1LCItIl0sWy0yOSwiLSJdLFstMzcsIi0iXSxbLTQ3LCJVVEMsZW4tVVMsbGF0bixncmVnb3J5Il0sWy01MSwiLSJdLFstNjAsIi0iXSxbLTY5LCJXaW4zMnx8fDQ4fC18LSJdLFstNzUsIihpbnRlcm1lZGlhdGUgdmFsdWUpLnNvbWVGdW5jIGlzIG5vdCBhIGZ1bmN0aW9uIl0sWy01LCItIl0sWy0zMCwiW1widlwiLDBdIl0sWy00MiwiODgzMzk5MDE2Il0sWy01MywiMDAxIl0sWy01NiwibGFuZHNjYXBlLXByaW1hcnkiXSxbLTcxLCJhMDEwMDEwMTEwMDEwMDEwMTAwMDEwMTAwMTEwMTEwMDAwMDAxMCJdLFstMiwiNyxJc045bkduV2JBWUFJeE5mUWFPcUdFMENGQVFzY0cwMEluaE9iWUJBS1lVT3pRTzZFWDAyMEltR0xjdTYydXJkUC9jMmQycE5tVlpBd2YzLy84ejc5R3JIYTFXdTNPbVhQUHZlIl0sWy0xNywiNDgiXSxbLTE5LCJbMCwwLDAsMCwwLDAsMSwyNCwyNCxcIi1cIiwxMjgwLDEwMjQsMTI4MCwxMDI0LDEyODAsMTAyNCwxMjgwLDEwMjQsMCwwLDAsMCxcIi1cIixcIi1cIiwxMjgwLDEwMjQsbnVsbF0iXSxbLTI4LCJlbi1VUyxlbiJdLFstMzMsIi0iXSxbLTM1LCJbMTc3MjQ5MDcwMzg2MywwXSJdLFstNDMsIjAwMDAwMDAxMDAwMDAwMDAwMDExMTAwMTAwMDAwMTAwMDAwMDAwMDAwMTAiXSxbLTQ0LCIwLDUsMCw1Il0sWy00OCwiW1wiLVwiLFwiLVwiLFwiLVwiLFwiLVwiLFwiLVwiXSJdLFstNTQsIntcImhcIjpbXCIzMjk5NzI4NDUyXCIsXCI4MjI4MjMxMTlcIixcIjk4MzIyNjI5MFwiLFwiMjg3Mjg5OTMyMFwiLFwiXzNcIixcIjI4NzI4OTkzMjBcIl0sXCJkXCI6W10sXCJiXCI6W10sXCJzXCI6MX0iXSxbLTU3LCJTM2xSVFUxSlNnTVdGbHhNVmxzWFcxVk1YRXRRWFY1Y1ZWWldTUmRhVmxRV1NrRkpGbEFXRHdvUFh3RmJBUXdCWHc4QkNGaGFXdzViWDFnUFh3d0JDbGdBRHc4S0NWZ1hVMG9EQ0FNQkRnc01EaFVPQ0FBV1RSZGNRVWxXUzAxS0ZnVjVVVTFOU1VvREZoWmNURlpiRjF0VlRGeExVRjFlWEZWV1Zra1hXbFpVRmtwQlNSWlFGZzhLRDE4Qld3RU1BVjhQQVFoWVdsc09XMTlZRDE4TUFRcFlBQThQQ2dsWUYxTktBd2dEQVE0TkRBd1ZTbHhOYlZCVVhGWk1UUmxSV0ZkZFZWeExFdzRJQUJaTkYxeEJTVlpMVFVvV0JYbFJUVTFKU2dNV0ZseE1WbHNYVzFWTVhFdFFYVjVjVlZaV1NSZGFWbFFXU2tGSkZsQVdEd29QWHc9PSJdLFstNjgsIi0iXSxbLTMxLCJmYWxzZSJdLFstNDUsIjc1MiwwLDAsNzE5LDAsMCw3NjEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCJdLFstNTAsIi0iXSxbLTcyLCJFeFU9Il0sWy03MywiRWhRPSJdLFstOSwiLSJdLFstMTIsIlwiMVwiIl0sWy0yMCwiLSJdLFstMjIsIltcIm5cIixcIm5cIl0iXSxbLTM2LCJbXCI1LzRcIixcIjUvNFwiXSJdLFstNzAsIi0iXSxbImJuY2giLDIwNF0sWy0zNCwiLSJdLFstNDYsIjAiXSxbLTUyLCItIl0sWy02LCJ7XCJ3XCI6W1wiMFwiLFwib25SVEJGYWlsdXJlXCIsXCJvblJUQlN1Y2Nlc3NcIixcIk5vdGlmeVBhaW50RXZlbnRcIixcIl9fY3RjZ19jdF85MjA5OF9leGVjXCJdLFwiblwiOltdLFwiZFwiOltdfSJdLFstNywiLSJdLFstMTMsIi0iXSxbLTM5LCJbXCIyMDEwMDEwMVwiLDIsXCJHZWNrb1wiLFwiTmV0c2NhcGVcIixcIk1vemlsbGFcIixcIjIwMTgxMDAxMDAwMDAwXCIsbnVsbCxmYWxzZSxudWxsLGZhbHNlLG51bGwsNSx0cnVlLGZhbHNlLG51bGwsMCxmYWxzZSxmYWxzZSxmYWxzZSxmYWxzZV0iXSxbLTQ5LCItIl0sWy01NSwiMCJdLFstNjEsIi0iXSxbLTYyLCI1OCJdLFstNjMsIi0iXSxbImRkYiIsIjAsNiwwLDAsMSwzLDAsMSwwLDAsMCwwLDAsMCwwLDAsMCwwLDIsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMiwwLDAsMCwzLDAsMCwxLDAsMCwwLDEsMSwzOSwwLDI2LDAsMCwwLDAsMCwxLDEsMCwwLDAsMywwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMSwwLDAsMCwwLDAiXSxbImNiIiwiMCwwLDAsMCwwLDAsMCwwLDAsMywxLDAsNDAsMSwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDQsMCwwLDAsMSwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwxLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDAsMCwwLDAsMCwxLDAsMCJdXQ%3D%3D\u0026dep=0\u0026pre=0\u0026sdd=\u0026cri=K5wphmZFgP\u0026pto=750\u0026ver=65\u0026gac=-\u0026mei=\u0026ap=\u0026fe=1\u0026duid=1.1772490703.o1TfCFH5EvqYHacM\u0026suid=1.1772490703.kBgMIdMMnew0aumj\u0026tuid=1.1772490703.bv69G6n1IAEqzNVX\u0026fbc=-\u0026gtm=-\u0026it=5%2C436%2C32\u0026fbcl=-\u0026gacl=-\u0026gacsd=-\u0026rtic=-\u0026rtict=-\u0026bgc=-\u0026spa=1\u0026urid=0\u0026ab=\u0026sck=-\u0026io=aGA2Oi15fzZz"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: http://ww38.lostinoffst.click\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-encoding: gzip\r\ncontent-type: application/json\r\ndate: Mon, 02 Mar 2026 22:31:44 GMT\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\npragma: no-cache\r\nset-cookie: cg_uuid=11217fc1f636366030d46fa5fb7c1cb1; Max-Age=29030400; Path=/; Expires=Mon, 01 Feb 2027 22:31:44 GMT; HttpOnly; Secure; SameSite=None\r\ntiming-allow-origin: http://ww38.lostinoffst.click\r\ncontent-length: 1091\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":3250,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"a3c2087a866b4ec05febe768ca98955b","sha1":"c43ae89942f085d6619e6e3fdb0199622598275b","sha256":"c3fa02ccf00aced257b41e9d20b469774a4359d6f8c3b05063a95af4949f5ab8","sha512":"c1f8f943d7650def123c26fe84a296abda4835af0c49fd2dab84b4e4085b4aa97942e7b7179c46cbcbf64737fd4e16d96354390557de7070805cd666fbee504e","ssdeep":"","tlshash":"0f61c804a93f4ea3fbde9aa6bf3555c05fe346cb07cb5528a1ba7b4541bb1d5de02000","first_seen":"2026-03-02T22:32:04.735719Z","last_seen":"2026-03-02T22:32:04.735719Z","times_seen":1,"resource_available":false,"data":null}},"time_used":271,"timings":{"blocked":112,"dns":5,"connect":34,"send":0,"wait":46,"receive":0,"ssl":71},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"obseu.blueridgeloop.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"obseu.blueridgeloop.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"l.cdn-fileserver.com/bping.php?lf=6\u0026sc=03\u0026lper=100\u0026prid=8PR11258V\u0026vgd_asn=50304\u0026vgd_rpth=%2Fola\u0026gdpr=1\u0026mspa=0\u0026r=1772490704021\u0026vgd_tsce=L1156\u0026vgd_oresf=one\u0026cc=NO\u0026requrl=http%3A%2F%2Flostinoffst.click\u0026vgd_cage=10\u0026vgd_cdv=O2799\u0026vgd_l2type=dmola\u0026vgd_oreqf=one\u0026vgd_setup=c21\u0026wsip=170764131\u0026ssld=%7B%22QQNN%22%3A%22Ia%22%2C%22QQN75%22%3A%22mQjm%22%2C%22QQ8E%22%3A%22%22%2C%22QQQN%22%3A%229A%22%7D\u0026wshp=0\u0026vgd_wlstp=0\u0026cid=8CU6073RK\u0026crid=848515096\u0026vi=1772490704358366216\u0026hvsid=00001772490704019015326356484667\u0026ugd=4\u0026vgd_len=534\u0026vgd_end=1","fqdn":"l.cdn-fileserver.com","domain":"cdn-fileserver.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://yfdpco3.com/sk-park.php?pid=9PO15V947\u0026dn=lostinoffst.click\u0026ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A134.0%29+Gecko%2F20100101+Firefox%2F134.0\u0026requrl=http%3A%2F%2Fww38.lostinoffst.click%2F\u0026al=en-US%2Cen%3Bq%3D0.5","date":"2026-03-02T22:31:44.245Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn-fileserver.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 28 Jan 2026 16:34:52 GMT","end":"Tue, 28 Apr 2026 17:33:19 GMT"},"fingerprint":{"sha1":"F3:1F:AE:F5:F8:55:3C:E0:73:9D:53:9F:50:2C:79:55:B2:A1:33:D1","sha256":"50:7A:11:63:E8:59:A1:60:B9:7A:1C:11:46:F4:E5:9E:5A:10:E9:46:AD:96:82:92:F4:32:FE:23:EC:45:AC:B9"}}},"request":{"raw":"GET /bping.php?lf=6\u0026sc=03\u0026lper=100\u0026prid=8PR11258V\u0026vgd_asn=50304\u0026vgd_rpth=%2Fola\u0026gdpr=1\u0026mspa=0\u0026r=1772490704021\u0026vgd_tsce=L1156\u0026vgd_oresf=one\u0026cc=NO\u0026requrl=http%3A%2F%2Flostinoffst.click\u0026vgd_cage=10\u0026vgd_cdv=O2799\u0026vgd_l2type=dmola\u0026vgd_oreqf=one\u0026vgd_setup=c21\u0026wsip=170764131\u0026ssld=%7B%22QQNN%22%3A%22Ia%22%2C%22QQN75%22%3A%22mQjm%22%2C%22QQ8E%22%3A%22%22%2C%22QQQN%22%3A%229A%22%7D\u0026wshp=0\u0026vgd_wlstp=0\u0026cid=8CU6073RK\u0026crid=848515096\u0026vi=1772490704358366216\u0026hvsid=00001772490704019015326356484667\u0026ugd=4\u0026vgd_len=534\u0026vgd_end=1 HTTP/1.1\r\nHost: l.cdn-fileserver.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://yfdpco3.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 02 Mar 2026 22:31:44 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\naccept-ch: Sec-CH-UA-Full-Version-List, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: *\r\ncache-control: max-age=0, no-cache, no-store\r\nexpires: Sun, 01 Mar 2026 22:31:44 GMT\r\npragma: no-cache\r\nvia: 1.1 google\r\nstrict-transport-security: max-age=63072000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: DYNAMIC\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dP9mQ48xJNaHQbKd2O8b8IrDZA0z%2FfIlz0R0q7YPs0ZGYICkACch%2BwGQUwltC4FnT1tNC85K%2BGutwRt%2Ber2G%2B0vybViidNHEo7G01myvcFHqGHVy\"}]}\r\nserver: cloudflare\r\ncf-ray: 9d63da75abb876ef-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 87a, 1 x 1","md5":"6f1d74c7168076c7666246504a8c03f2","sha1":"00656377deb1a4393e0cf0055385b08b2b81b46c","sha256":"8ac1703c1c34b2be426deda409d39258f82fae17f13e645f377f337a954aedde","sha512":"e502484faa0dc2a1f23c7f715879db654f29d0af1d6f616467d3d1fc578c2d16fccaacd76c4a5ecae8451dc912323473559d29edbd322fe85b8f1e83a7cdf2f3","ssdeep":"","tlshash":"53900447f1401103d135403007075340070c5030145403050071507ddc1d7553d07410","first_seen":"2025-03-07T21:51:05.009549Z","last_seen":"2026-04-04T14:48:36.489911Z","times_seen":143046,"resource_available":false,"data":null}},"time_used":193,"timings":{"blocked":27,"dns":0,"connect":1,"send":0,"wait":139,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.cdn-fileserver.com/__media__/fonts/montserrat_regular/montserrat_regular.woff","fqdn":"s.cdn-fileserver.com","domain":"cdn-fileserver.com","tld":"com"},"ip":{"addr":"104.21.31.250","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://realtimesearchresults.com/sr/754870121/SAFEFRAME.html?ule=773\u0026.r4_.z=7SSN%3A%2F%2FzcaSdCc%29%29aSw8zd8Z\u00267SSNa=F\u00268.dR=uyugFge1L\u002687CXV=1B6FgE1y%21\u002687CXt=calyUdCS8\u002688=06\u00268Rl=6t%2111\u00268SNdR=\u00268dR=u%28~Le%21VkY\u00269RN.=F\u00269RN.8CaS=\u0026CSl=\u0026CXr..=F\u0026GmdR=\u0026Ha7N=e\u0026HzaSN=e\u0026INzN=\u0026IRaN.=\u0026ImCU88UriN=\u0026NdR=\u0026RX.%29=F\u0026Rr8XXX=\u0026Sa8r=jFFgL\u0026XaNv=e\u0026ZH.%29=\u0026ZR=\u0026_9R=y\u0026_aNrC%29=e\u0026a8=eV\u0026aazR=%7B%22aa88%22%3A%2206%22%2C%22aa8SI%22%3A%22cazc%22%2C%22aadN%22%3A%22%22%2C%22aaa8%22%3A%22eV%22%7D\u0026adqr=FFgyiLu1\u0026amR.%2AR=\u0026cdR=ygytvv%298sty%218sy8Ftsvg81sF%21tF%29%21yFeerv\u0026czv%29=cCr\u0026dadR=e\u0026htmlsrc=1\u0026kkdd=3%2A%7Ch%7CA93u%2AHn\u0026ld=F%21%21ty1e%21eyVguVLLtFL\u0026mR.%2AR=\u0026mdR=\u0026mr=e\u0026mvr=\u0026r8.dR=\u0026tpid=\u0026v8S=BD%2A499%29h.h%29_._VDqqrrvDD99%2F0q40_D40%29\u0026vN%28_=\u0026vRSF=\u0026vRSt=\u0026vRcXvdC=\u0026vRl=\u0026ztSINr=RXczv\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001772490704019015326356484667\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222152003630393433517%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=zBs8rKcR1P4MquCSH8f8kIX1sPGVb7qSTcKFw7T97wwJJYebyecQ0bmkIOrtfOOA8f2rGoSaj6UfqqwJGopgut_UMy-bHzCaMekYF5w7efsgJNJMVwOSrLJQ85u8IRyHmtKKGmC1UFCjP_6tcf9s_wyGUH3nV5ByP02yHU012iTWru8iDREb7_Wq89WvwU5hx2LaQ2FS5Vs%3D\u0026tchkpts=%7B%22prel2%22%3A1772490704258%7D\u0026stime=1772490704258\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Frealtimesearchresults.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F-_1o%253D%25261~1o%253D4%25266GO%253DEK5ewwy9I9ytItqKvvVV6KKww%25252F8ve8tKe8y%25266oO3%253D%25266oOa%253D%25266og%253D%25266ojp61c%253D%25266zTt%253D%2526B_cSGGSVJz%253D%2526Bo~zI%253D%2526Bzxz%253D%2526G1o%253D%252521T2X4kqWF%2526GG%253D8m%2526GI1o%253D%252521P%252521.3.4HX%2526GOz1o%253D%2526GUcpa%253Dj~gPS1cOG%2526GUcpq%253DHEm3.fHPk%2526Gog%253DmakHH%2526IVetIx%253DUOOz%25253A%25252F%25252Fxj~O1cjyy~O%25252AGx1Gd%2526O~GV%253D033.X%2526Qx~Oz%253D4%2526Q~Uz%253D4%2526UOOz~%253D3%2526VGI1o%253D%2526_1o%253D%2526_6V%253D%2526_V%253D4%2526_oI5o%253D%2526cOg%253D%2526cpVII%253D3%2526dQIy%253D%2526do%253D%2526g1%253D3kkaPH4k4Pq.%252521qXXa3X%2526htmlsrc%253D1%2526j1o%253DP.Pa66yGCaPkGCPG3aC6.GHC3ka3ykP344V6%2526jx6y%253DjcV%2526kkdd%253Duu%25257C%252521%25257CnAH%25252A39uWh%2526oVGppp%253D%2526p~z6%253D4%2526tpid%253D%2526two%253DP%2526t~zVcy%253D4%2526wozI%253D3%2526wozIGc~O%253D%2526xaOBzV%253Dopjx6%2526z1o%253D%2526~1vV%253D33.PJX%252521H%2526~G%253D4q%2526~_oI5o%253D%2526~~xo%253D%25257B%252522~~GG%252522%25253A%2525228m%252522%25252C%252522~~GOB%252522%25253A%252522j~xj%252522%25252C%252522~~1z%252522%25253A%252522%252522%25252C%252522~~~G%252522%25253A%2525224q%252522%25257D%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","date":"2026-03-02T22:31:45.121Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn-fileserver.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 28 Jan 2026 16:34:52 GMT","end":"Tue, 28 Apr 2026 17:33:19 GMT"},"fingerprint":{"sha1":"F3:1F:AE:F5:F8:55:3C:E0:73:9D:53:9F:50:2C:79:55:B2:A1:33:D1","sha256":"50:7A:11:63:E8:59:A1:60:B9:7A:1C:11:46:F4:E5:9E:5A:10:E9:46:AD:96:82:92:F4:32:FE:23:EC:45:AC:B9"}}},"request":{"raw":"GET /__media__/fonts/montserrat_regular/montserrat_regular.woff HTTP/1.1\r\nHost: s.cdn-fileserver.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://realtimesearchresults.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://realtimesearchresults.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 02 Mar 2026 22:31:45 GMT\r\ncontent-type: font/woff\r\ncontent-length: 24744\r\nserver: cloudflare\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\nedge-control: downstream-ttl=1d\r\nvia: 1.1 google\r\ncache-control: public, max-age=604800\r\nlast-modified: Mon, 16 May 2016 10:39:41 GMT\r\netag: \"60a8-532f33dedf540\"\r\nage: 507707\r\nx-cache-status: hit\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rvcc%2FYWn0ebft9GrU3IeRQ6X7miMIDdKy8Bk776IB3G07GrBUvh%2B0MxRh26VIfDWyGUZGiYIeM%2BMsO1yQyvF3DgQK1cYrC6KldLgbvm5ShHkcD0g\"}]}\r\ncf-ray: 9d63da7b282523eb-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":24744,"size_decoded":0,"mime_type":"font/woff","magic":"Web Open Font Format, TrueType, length 24744, version 1.0","md5":"987e102655eee6557d9e5de5eda2dbd7","sha1":"9cfb173085bc54a3e7a4f377e5184cba87ad7a67","sha256":"1354d1ffff7cde96f66dd463a7a9d9bc627c2ea55c1a12c7f0b5c63594622c3e","sha512":"bccd46bbc05dc333869797877f2702294f24f697bd5cf8c42210092d74ddb261b301fa1cb09f79ddc2fb1dc5a54acb3aabde5454920ab195fc906cfddf1be75a","ssdeep":"768:Vw0BKrqrg0KoirVY+RpyVvAfeiCONpPkIw31R:q0BKH0Koiu+Tyqfe1cCH31R","tlshash":"80b2d138a2776205f24c16f579030b361dda21ba925e47bb062360ae1db9a4cd18a24f","first_seen":"2025-04-10T23:48:29.909914Z","last_seen":"2026-04-04T14:49:50.468587Z","times_seen":126301,"resource_available":false,"data":null}},"time_used":70,"timings":{"blocked":23,"dns":0,"connect":1,"send":0,"wait":10,"receive":14,"ssl":19},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"msadsscale.microsoft.com/bingads/telemetryJS.js","fqdn":"msadsscale.microsoft.com","domain":"microsoft.com","tld":"com"},"ip":{"addr":"13.107.246.53","port":443,"asn":8075,"as":"MICROSOFT-CORP-MSN-AS-BLOCK","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://realtimesearchresults.com/sr/754870121/SAFEFRAME.html?ule=773\u0026.r4_.z=7SSN%3A%2F%2FzcaSdCc%29%29aSw8zd8Z\u00267SSNa=F\u00268.dR=uyugFge1L\u002687CXV=1B6FgE1y%21\u002687CXt=calyUdCS8\u002688=06\u00268Rl=6t%2111\u00268SNdR=\u00268dR=u%28~Le%21VkY\u00269RN.=F\u00269RN.8CaS=\u0026CSl=\u0026CXr..=F\u0026GmdR=\u0026Ha7N=e\u0026HzaSN=e\u0026INzN=\u0026IRaN.=\u0026ImCU88UriN=\u0026NdR=\u0026RX.%29=F\u0026Rr8XXX=\u0026Sa8r=jFFgL\u0026XaNv=e\u0026ZH.%29=\u0026ZR=\u0026_9R=y\u0026_aNrC%29=e\u0026a8=eV\u0026aazR=%7B%22aa88%22%3A%2206%22%2C%22aa8SI%22%3A%22cazc%22%2C%22aadN%22%3A%22%22%2C%22aaa8%22%3A%22eV%22%7D\u0026adqr=FFgyiLu1\u0026amR.%2AR=\u0026cdR=ygytvv%298sty%218sy8Ftsvg81sF%21tF%29%21yFeerv\u0026czv%29=cCr\u0026dadR=e\u0026htmlsrc=1\u0026kkdd=3%2A%7Ch%7CA93u%2AHn\u0026ld=F%21%21ty1e%21eyVguVLLtFL\u0026mR.%2AR=\u0026mdR=\u0026mr=e\u0026mvr=\u0026r8.dR=\u0026tpid=\u0026v8S=BD%2A499%29h.h%29_._VDqqrrvDD99%2F0q40_D40%29\u0026vN%28_=\u0026vRSF=\u0026vRSt=\u0026vRcXvdC=\u0026vRl=\u0026ztSINr=RXczv\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001772490704019015326356484667\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222152003630393433517%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=zBs8rKcR1P4MquCSH8f8kIX1sPGVb7qSTcKFw7T97wwJJYebyecQ0bmkIOrtfOOA8f2rGoSaj6UfqqwJGopgut_UMy-bHzCaMekYF5w7efsgJNJMVwOSrLJQ85u8IRyHmtKKGmC1UFCjP_6tcf9s_wyGUH3nV5ByP02yHU012iTWru8iDREb7_Wq89WvwU5hx2LaQ2FS5Vs%3D\u0026tchkpts=%7B%22prel2%22%3A1772490704258%7D\u0026stime=1772490704258\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Frealtimesearchresults.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F-_1o%253D%25261~1o%253D4%25266GO%253DEK5ewwy9I9ytItqKvvVV6KKww%25252F8ve8tKe8y%25266oO3%253D%25266oOa%253D%25266og%253D%25266ojp61c%253D%25266zTt%253D%2526B_cSGGSVJz%253D%2526Bo~zI%253D%2526Bzxz%253D%2526G1o%253D%252521T2X4kqWF%2526GG%253D8m%2526GI1o%253D%252521P%252521.3.4HX%2526GOz1o%253D%2526GUcpa%253Dj~gPS1cOG%2526GUcpq%253DHEm3.fHPk%2526Gog%253DmakHH%2526IVetIx%253DUOOz%25253A%25252F%25252Fxj~O1cjyy~O%25252AGx1Gd%2526O~GV%253D033.X%2526Qx~Oz%253D4%2526Q~Uz%253D4%2526UOOz~%253D3%2526VGI1o%253D%2526_1o%253D%2526_6V%253D%2526_V%253D4%2526_oI5o%253D%2526cOg%253D%2526cpVII%253D3%2526dQIy%253D%2526do%253D%2526g1%253D3kkaPH4k4Pq.%252521qXXa3X%2526htmlsrc%253D1%2526j1o%253DP.Pa66yGCaPkGCPG3aC6.GHC3ka3ykP344V6%2526jx6y%253DjcV%2526kkdd%253Duu%25257C%252521%25257CnAH%25252A39uWh%2526oVGppp%253D%2526p~z6%253D4%2526tpid%253D%2526two%253DP%2526t~zVcy%253D4%2526wozI%253D3%2526wozIGc~O%253D%2526xaOBzV%253Dopjx6%2526z1o%253D%2526~1vV%253D33.PJX%252521H%2526~G%253D4q%2526~_oI5o%253D%2526~~xo%253D%25257B%252522~~GG%252522%25253A%2525228m%252522%25252C%252522~~GOB%252522%25253A%252522j~xj%252522%25252C%252522~~1z%252522%25253A%252522%252522%25252C%252522~~~G%252522%25253A%2525224q%252522%25257D%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","date":"2026-03-02T22:31:45.324Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"msadsscale.microsoft.com","organization":""},"issuer":{"commonName":"GeoTrust TLS RSA CA G1","organization":"DigiCert Inc"},"validity":{"start":"Sun, 21 Dec 2025 00:00:00 GMT","end":"Sun, 21 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"2C:BD:B0:AB:44:13:2E:20:B9:4A:CE:77:54:53:0B:D3:6F:B7:12:AB","sha256":"F0:73:26:EC:1A:F7:21:8F:A5:59:85:8A:09:7C:FC:E8:93:49:67:48:66:67:5E:8F:5C:8E:AE:44:2A:82:6B:F0"}}},"request":{"raw":"GET /bingads/telemetryJS.js HTTP/1.1\r\nHost: msadsscale.microsoft.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://realtimesearchresults.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 02 Mar 2026 22:31:45 GMT\r\ncontent-type: text/javascript\r\nvary: Accept-Encoding\r\nlast-modified: Wed, 12 Mar 2025 08:06:51 GMT\r\netag: W/\"0x8DD613CD8BAF720\"\r\nx-ms-request-id: 9e5deccb-901e-0035-6dab-a6ae38000000\r\nx-ms-version: 2018-03-28\r\naccess-control-expose-headers: content-length\r\naccess-control-allow-origin: *\r\nx-azure-ref: 20260302T223145Z-1788c446df9glz52hC1SVGsze0000000189000000000873h\r\nx-fd-int-roxy-purgeid: 0\r\nx-cache: TCP_HIT\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Azure Front Door","description":"Azure Front Door is a scalable and secure entry point for fast delivery of your global web applications.","website":"https://docs.microsoft.com/en-us/azure/frontdoor/","common_platform_enumeration":"","icon":"Azure.svg","categories":["Load balancers"]},{"name":"Azure","description":"Azure is a cloud computing service for building, testing, deploying, and managing applications and services through Microsoft-managed data centers.","website":"https://azure.microsoft.com","common_platform_enumeration":"","icon":"Azure.svg","categories":["PaaS"]}],"data":{"size":72824,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65504), with no line terminators","md5":"84bf71fe11d71bedaac885462b1d2940","sha1":"bdcf95799b79eea873329ddbd112eda32f47877e","sha256":"a8d28463855fcf949fb31963246cc6c55ea9baf9c5551b327687dcd6076502f7","sha512":"02d7de1db70f021c17bc184e1e795cc01f63889731f444ca429040f3599dccdb346c68e8e5e69fc81060972b7ccbcebf1e9294e50318957ded8cb0cbeecacb3e","ssdeep":"768:TM4lJgxIU3OPOEUi6UsQ6R1k/Y7/LKF/ZE/4OkeZChQZqeYQYTyCLJV6N//MFgPc:A4voIU+POE3kMMmF/6VbqXQQfI/EgYuo","tlshash":"5a63938df1d1b0f607e7a0e5412f960ae1b72968b45ea8d6e6a1d4e09c7884f1037f7c","first_seen":"2025-03-13T12:39:24.627452Z","last_seen":"2026-04-04T14:49:50.469068Z","times_seen":91986,"resource_available":true,"data":null}},"time_used":76,"timings":{"blocked":26,"dns":9,"connect":8,"send":0,"wait":15,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"s.yimg.com/ds/scripts/selectTier-p1.1.0.js","fqdn":"s.yimg.com","domain":"yimg.com","tld":"com"},"ip":{"addr":"87.248.119.251","port":443,"asn":203220,"as":"Yahoo-UK Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://realtimesearchresults.com/sr/754870121/SAFEFRAME.html?ule=773\u0026.r4_.z=7SSN%3A%2F%2FzcaSdCc%29%29aSw8zd8Z\u00267SSNa=F\u00268.dR=uyugFge1L\u002687CXV=1B6FgE1y%21\u002687CXt=calyUdCS8\u002688=06\u00268Rl=6t%2111\u00268SNdR=\u00268dR=u%28~Le%21VkY\u00269RN.=F\u00269RN.8CaS=\u0026CSl=\u0026CXr..=F\u0026GmdR=\u0026Ha7N=e\u0026HzaSN=e\u0026INzN=\u0026IRaN.=\u0026ImCU88UriN=\u0026NdR=\u0026RX.%29=F\u0026Rr8XXX=\u0026Sa8r=jFFgL\u0026XaNv=e\u0026ZH.%29=\u0026ZR=\u0026_9R=y\u0026_aNrC%29=e\u0026a8=eV\u0026aazR=%7B%22aa88%22%3A%2206%22%2C%22aa8SI%22%3A%22cazc%22%2C%22aadN%22%3A%22%22%2C%22aaa8%22%3A%22eV%22%7D\u0026adqr=FFgyiLu1\u0026amR.%2AR=\u0026cdR=ygytvv%298sty%218sy8Ftsvg81sF%21tF%29%21yFeerv\u0026czv%29=cCr\u0026dadR=e\u0026htmlsrc=1\u0026kkdd=3%2A%7Ch%7CA93u%2AHn\u0026ld=F%21%21ty1e%21eyVguVLLtFL\u0026mR.%2AR=\u0026mdR=\u0026mr=e\u0026mvr=\u0026r8.dR=\u0026tpid=\u0026v8S=BD%2A499%29h.h%29_._VDqqrrvDD99%2F0q40_D40%29\u0026vN%28_=\u0026vRSF=\u0026vRSt=\u0026vRcXvdC=\u0026vRl=\u0026ztSINr=RXczv\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001772490704019015326356484667\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222152003630393433517%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=zBs8rKcR1P4MquCSH8f8kIX1sPGVb7qSTcKFw7T97wwJJYebyecQ0bmkIOrtfOOA8f2rGoSaj6UfqqwJGopgut_UMy-bHzCaMekYF5w7efsgJNJMVwOSrLJQ85u8IRyHmtKKGmC1UFCjP_6tcf9s_wyGUH3nV5ByP02yHU012iTWru8iDREb7_Wq89WvwU5hx2LaQ2FS5Vs%3D\u0026tchkpts=%7B%22prel2%22%3A1772490704258%7D\u0026stime=1772490704258\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Frealtimesearchresults.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F-_1o%253D%25261~1o%253D4%25266GO%253DEK5ewwy9I9ytItqKvvVV6KKww%25252F8ve8tKe8y%25266oO3%253D%25266oOa%253D%25266og%253D%25266ojp61c%253D%25266zTt%253D%2526B_cSGGSVJz%253D%2526Bo~zI%253D%2526Bzxz%253D%2526G1o%253D%252521T2X4kqWF%2526GG%253D8m%2526GI1o%253D%252521P%252521.3.4HX%2526GOz1o%253D%2526GUcpa%253Dj~gPS1cOG%2526GUcpq%253DHEm3.fHPk%2526Gog%253DmakHH%2526IVetIx%253DUOOz%25253A%25252F%25252Fxj~O1cjyy~O%25252AGx1Gd%2526O~GV%253D033.X%2526Qx~Oz%253D4%2526Q~Uz%253D4%2526UOOz~%253D3%2526VGI1o%253D%2526_1o%253D%2526_6V%253D%2526_V%253D4%2526_oI5o%253D%2526cOg%253D%2526cpVII%253D3%2526dQIy%253D%2526do%253D%2526g1%253D3kkaPH4k4Pq.%252521qXXa3X%2526htmlsrc%253D1%2526j1o%253DP.Pa66yGCaPkGCPG3aC6.GHC3ka3ykP344V6%2526jx6y%253DjcV%2526kkdd%253Duu%25257C%252521%25257CnAH%25252A39uWh%2526oVGppp%253D%2526p~z6%253D4%2526tpid%253D%2526two%253DP%2526t~zVcy%253D4%2526wozI%253D3%2526wozIGc~O%253D%2526xaOBzV%253Dopjx6%2526z1o%253D%2526~1vV%253D33.PJX%252521H%2526~G%253D4q%2526~_oI5o%253D%2526~~xo%253D%25257B%252522~~GG%252522%25253A%2525228m%252522%25252C%252522~~GOB%252522%25253A%252522j~xj%252522%25252C%252522~~1z%252522%25253A%252522%252522%25252C%252522~~~G%252522%25253A%2525224q%252522%25257D%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","date":"2026-03-02T22:31:45.326Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.www.yahoo.com","organization":"Yahoo Holdings Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 23 Feb 2026 00:00:00 GMT","end":"Wed, 15 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"84:C1:83:1D:78:C9:B7:8A:5A:A8:A1:3A:D1:2D:07:74:F7:40:BF:69","sha256":"30:9D:82:0E:FF:36:AB:C3:61:0C:B1:7B:4F:10:14:11:09:6C:44:3F:CF:03:8A:C3:71:1B:6A:74:BC:17:8C:B6"}}},"request":{"raw":"GET /ds/scripts/selectTier-p1.1.0.js HTTP/1.1\r\nHost: s.yimg.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://realtimesearchresults.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-amz-id-2: OrDosXhLsyGGdAkfBSANK16S5SC2x8KZPD4BrWoC80QEBoH7kKjgUXCK/YKjFLGukH3nzODg9NQ=\r\nx-amz-request-id: 34NTN7S1G4ETFAM0\r\ndate: Mon, 02 Mar 2026 22:31:09 GMT\r\nlast-modified: Thu, 20 Nov 2025 17:25:39 GMT\r\ncache-control: public,max-age=60\r\nx-amz-version-id: cBEvYraRJPb_oZIzj59OF.PVkaCjFNDl\r\naccept-ranges: bytes\r\ncontent-type: application/javascript\r\nserver: ATS\r\nvary: Origin, Accept-Encoding\r\netag: \"3e822c257ba7fef24f528f4691aeb99b-df\"\r\nage: 37\r\nx-content-type-options: nosniff\r\nreferrer-policy: no-referrer-when-downgrade\r\ncontent-encoding: gzip\r\ncontent-length: 4373\r\nstrict-transport-security: max-age=31536000\r\nats-carp-promotion: 1, 1\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Apache Traffic Server","description":"Apache Traffic Server is an open-source caching and proxying server that serves as an HTTP/1.1 and HTTP/2 reverse proxy with caching capabilities, load balancing, request routing, SSL termination, and support for advanced HTTP features.","website":"https://trafficserver.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:traffic_server:*:*:*:*:*:*:*:*","icon":"Apache Traffic Server.svg","categories":["Web servers"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":12818,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (12818), with no line terminators","md5":"3e822c257ba7fef24f528f4691aeb99b","sha1":"f819207c02f62baca71d1ebd1c5b3703312f630f","sha256":"3799b25dd5ee04f751d55c8fef57734264b83fa875b4270a2069bb0b42af9e5e","sha512":"84b5a5f85166699f09a77cf3b358be9d4e3d2386b06134dce6321869d6ab6e9517c43dadd25519e72e683a33010c41a233020b7cc799ef275be870890c98bf6c","ssdeep":"384:tKjiEAbREf2vfxpw5LISLJM6IhJocevD5tg:5gfGw9IEm6IhJmng","tlshash":"da42b5d57886b47627ab81a0b53f232532335c36240dd79076498678aa4cf8f9323fec","first_seen":"2025-11-20T17:27:39.740418Z","last_seen":"2026-03-17T16:07:28.498685Z","times_seen":75555,"resource_available":true,"data":null}},"time_used":201,"timings":{"blocked":78,"dns":5,"connect":35,"send":0,"wait":37,"receive":1,"ssl":40},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obseu.blueridgeloop.com/mon","fqdn":"obseu.blueridgeloop.com","domain":"blueridgeloop.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://ww38.lostinoffst.click/","date":"2026-03-02T22:31:49.146Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.blueridgeloop.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 29 Jan 2026 00:00:00 GMT","end":"Wed, 29 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F0:B4:9E:AB:EC:F1:B1:6E:FC:2F:30:44:A7:59:88:02:56:5A:C9:DE","sha256":"9E:F1:FB:78:7A:CB:8E:2E:8E:82:6B:A7:84:5B:3B:FC:89:B5:F5:3B:33:6A:29:2F:A5:BF:8E:80:6B:97:FF:E5"}}},"request":{"raw":"POST /mon HTTP/1.1\r\nHost: obseu.blueridgeloop.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 1708\r\nOrigin: http://ww38.lostinoffst.click\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww38.lostinoffst.click/\r\nCookie: cg_uuid=11217fc1f636366030d46fa5fb7c1cb1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1708,"data":"e=37dfbd8ee84e00126decc33cea408a999225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d57138d642f17071a10acf9f29f6748838188007a6c1aa87e7402843dd962c404640125c503050967030cc7ed394e77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c2c4124510cf38b2f627852a5fb4f2f8afea67b98b60a7a4c7df9a3f4c1cd25e8cfc248b5038e523d65cceb92a9e471d280f061856b4a95b9c3330751b06267b6cc4b27aa81a52bd950bc02acd7449b1c90d06dd82a61c38b2dd9798290bda2ccb0bd0b20f72fb6b9f2354367aed971eecb50af571413dd5f469795808899aacb70d82dd499a5987ffe3c2374c4366b959ed11667f3ee628d06e9980fd935a45952485bcb76f14dd0c4ba74bd842ecc11ebcf849b6bce170468fe7f1a58794568ecaa23ec059b8cc964a19e44f39b2bd694c2f83dd7f0a81f283e98e71e1ce2e45b0852aea2b47ab93b98e240f2e326b560bd329357c809d1aa3cdb0720e5af8e7b383e641f370d5c16c7fd9e38975be357445128e6b548d89a1c05febfdfb9a233c389b28ff080aa840d0e558316d5cb4b7291002042837157636de87aa8711bc6e2c1648a63c97ef9fc51b4ec70e4255a662053394ec6d2f8c9783e0cce0a4f87d2c7bab7cd510197b0ba7d95d1213ddedb653a37f8e8a82360fd59e3378d06f17ddb44c9c27895a620a0dfd1c092477efdb46a27d30af9dee1ef4fc332564352cd371d42bba1439db841888b91c954cd858f2f1c771aef2fa104b647f2dc3cd4204920413a7f77fd48cedc7147b36fdcb5aa768a9e5f86746fbd4e3f7fcaaac30047ef73fd92028544624258b63a2c82afd068d74567ccd001abdec1edd101c857502216f2733940ded4551aa836b9bb9d7193c1b45d4f76b06e281a49\u0026cri=K5wphmZFgP\u0026sf=0\u0026dc=\u0026cp=5\u0026gtm=-\u0026gac=-\u0026uvid=a4d11dc99a373a3a7bf8cf2c4c5eae5723b19558\u0026tb=1\u0026ich=0\u0026ws=1280x1024\u0026wos=1280x1024\u0026ver=13\u0026fi=\u0026ti=5007\u0026mo=0\u0026pn=5965\u0026spn=958\u0026fp=476\u0026snt=1"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: http://ww38.lostinoffst.click\r\ncontent-type: application/json\r\ndate: Mon, 02 Mar 2026 22:31:49 GMT\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T14:49:32.922678Z","times_seen":13335470,"resource_available":true,"data":null}},"time_used":35,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"obseu.blueridgeloop.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"obseu.blueridgeloop.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"lostinoffst.click/?tr_uuid=20260303-0931-38ad-8f5b-fad97b5da97b\u0026fp=-7","fqdn":"lostinoffst.click","domain":"lostinoffst.click","tld":"click"},"ip":{"addr":"103.224.182.212","port":80,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-02T22:31:39.765Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /?tr_uuid=20260303-0931-38ad-8f5b-fad97b5da97b\u0026fp=-7 HTTP/1.1\r\nHost: lostinoffst.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: __tad=1772490698.1196492\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 302 Found\r\ndate: Mon, 02 Mar 2026 22:31:39 GMT\r\nserver: Apache\r\nlocation: http://ww38.lostinoffst.click/\r\ncontent-length: 0\r\ncontent-type: text/html; charset=UTF-8\r\nconnection: close\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T14:49:32.922678Z","times_seen":13335470,"resource_available":true,"data":null}},"time_used":488,"timings":{"blocked":154,"dns":1,"connect":155,"send":0,"wait":178,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-02T22:31:40Z","timestamp":1772490700,"ip_dst":{"addr":"103.224.182.212","port":80,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.20","port":59380,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-03-02T22:31:40.097687+0000\",\"flow_id\":628684692892027,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.20\",\"src_port\":59380,\"dest_ip\":\"103.224.182.212\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"lostinoffst.click\",\"url\":\"/?tr_uuid=20260303-0931-38ad-8f5b-fad97b5da97b\u0026fp=-7\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":302,\"redirect\":\"http://ww38.lostinoffst.click/\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":3,\"bytes_toserver\":759,\"bytes_toclient\":401,\"start\":\"2026-03-02T22:31:39.764283+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ww38.lostinoffst.click/","fqdn":"ww38.lostinoffst.click","domain":"lostinoffst.click","tld":"click"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-02T22:31:40.104Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: ww38.lostinoffst.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T14:49:32.922678Z","times_seen":13335470,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-02T22:31:43Z","timestamp":1772490703,"ip_dst":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.20","port":54244,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-03-02T22:31:43.513729+0000\",\"flow_id\":957445112328368,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.20\",\"src_port\":54244,\"dest_ip\":\"185.53.179.200\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"ww38.lostinoffst.click\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":542},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":8,\"bytes_toserver\":643,\"bytes_toclient\":6306,\"start\":\"2026-03-02T22:31:43.192688+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"yfdpco3.com/sk-park.php?pid=9PO15V947\u0026dn=lostinoffst.click\u0026ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A134.0%29+Gecko%2F20100101+Firefox%2F134.0\u0026requrl=http%3A%2F%2Fww38.lostinoffst.click%2F\u0026al=en-US%2Cen%3Bq%3D0.5","fqdn":"yfdpco3.com","domain":"yfdpco3.com","tld":"com"},"ip":{"addr":"208.91.196.46","port":80,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://ww38.lostinoffst.click/","date":"2026-03-02T22:31:43.766Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /sk-park.php?pid=9PO15V947\u0026dn=lostinoffst.click\u0026ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A134.0%29+Gecko%2F20100101+Firefox%2F134.0\u0026requrl=http%3A%2F%2Fww38.lostinoffst.click%2F\u0026al=en-US%2Cen%3Bq%3D0.5 HTTP/1.1\r\nHost: yfdpco3.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww38.lostinoffst.click/\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Mon, 02 Mar 2026 22:31:35 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nx-sc-h: 21-53xc\r\nvia: 1.1 google\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9633,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (9466)","md5":"3ea789ef31fbce334133647791b070a5","sha1":"44bef69ead600aefb79937a4d893584dbb351548","sha256":"373b111b11a297924c0d7ae15519dd46b2e3deca4b33d91268ceb0e4840623b2","sha512":"279b46cd1448ad6a97072233e205eb821116a2244cfec89618d6bf0b862e8e1288515f32b766c2ac7c7f74d8453e9d087b163cb76705b59664a7f573fed43e0b","ssdeep":"192:fL7NelZrFo/Eic87M31SULGAvfZrFo/Eic87M31SKQB1vcwe/:glZfA+yAvfZfAsUBI","tlshash":"5f1249c901b45d204dce0596ef3fbfcaa09c6c266ebd2c0d8999c450a16eb3b5c264f5","first_seen":"2026-03-02T22:32:04.760873Z","last_seen":"2026-03-02T22:32:04.760873Z","times_seen":1,"resource_available":false,"data":null}},"time_used":490,"timings":{"blocked":131,"dns":1,"connect":131,"send":0,"wait":227,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"realtimesearchresults.com/sr/754870121/SAFEFRAME.html?ule=773\u0026.r4_.z=7SSN%3A%2F%2FzcaSdCc%29%29aSw8zd8Z\u00267SSNa=F\u00268.dR=uyugFge1L\u002687CXV=1B6FgE1y%21\u002687CXt=calyUdCS8\u002688=06\u00268Rl=6t%2111\u00268SNdR=\u00268dR=u%28~Le%21VkY\u00269RN.=F\u00269RN.8CaS=\u0026CSl=\u0026CXr..=F\u0026GmdR=\u0026Ha7N=e\u0026HzaSN=e\u0026INzN=\u0026IRaN.=\u0026ImCU88UriN=\u0026NdR=\u0026RX.%29=F\u0026Rr8XXX=\u0026Sa8r=jFFgL\u0026XaNv=e\u0026ZH.%29=\u0026ZR=\u0026_9R=y\u0026_aNrC%29=e\u0026a8=eV\u0026aazR=%7B%22aa88%22%3A%2206%22%2C%22aa8SI%22%3A%22cazc%22%2C%22aadN%22%3A%22%22%2C%22aaa8%22%3A%22eV%22%7D\u0026adqr=FFgyiLu1\u0026amR.%2AR=\u0026cdR=ygytvv%298sty%218sy8Ftsvg81sF%21tF%29%21yFeerv\u0026czv%29=cCr\u0026dadR=e\u0026htmlsrc=1\u0026kkdd=3%2A%7Ch%7CA93u%2AHn\u0026ld=F%21%21ty1e%21eyVguVLLtFL\u0026mR.%2AR=\u0026mdR=\u0026mr=e\u0026mvr=\u0026r8.dR=\u0026tpid=\u0026v8S=BD%2A499%29h.h%29_._VDqqrrvDD99%2F0q40_D40%29\u0026vN%28_=\u0026vRSF=\u0026vRSt=\u0026vRcXvdC=\u0026vRl=\u0026ztSINr=RXczv\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001772490704019015326356484667\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222152003630393433517%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=zBs8rKcR1P4MquCSH8f8kIX1sPGVb7qSTcKFw7T97wwJJYebyecQ0bmkIOrtfOOA8f2rGoSaj6UfqqwJGopgut_UMy-bHzCaMekYF5w7efsgJNJMVwOSrLJQ85u8IRyHmtKKGmC1UFCjP_6tcf9s_wyGUH3nV5ByP02yHU012iTWru8iDREb7_Wq89WvwU5hx2LaQ2FS5Vs%3D\u0026tchkpts=%7B%22prel2%22%3A1772490704258%7D\u0026stime=1772490704258\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Frealtimesearchresults.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F-_1o%253D%25261~1o%253D4%25266GO%253DEK5ewwy9I9ytItqKvvVV6KKww%25252F8ve8tKe8y%25266oO3%253D%25266oOa%253D%25266og%253D%25266ojp61c%253D%25266zTt%253D%2526B_cSGGSVJz%253D%2526Bo~zI%253D%2526Bzxz%253D%2526G1o%253D%252521T2X4kqWF%2526GG%253D8m%2526GI1o%253D%252521P%252521.3.4HX%2526GOz1o%253D%2526GUcpa%253Dj~gPS1cOG%2526GUcpq%253DHEm3.fHPk%2526Gog%253DmakHH%2526IVetIx%253DUOOz%25253A%25252F%25252Fxj~O1cjyy~O%25252AGx1Gd%2526O~GV%253D033.X%2526Qx~Oz%253D4%2526Q~Uz%253D4%2526UOOz~%253D3%2526VGI1o%253D%2526_1o%253D%2526_6V%253D%2526_V%253D4%2526_oI5o%253D%2526cOg%253D%2526cpVII%253D3%2526dQIy%253D%2526do%253D%2526g1%253D3kkaPH4k4Pq.%252521qXXa3X%2526htmlsrc%253D1%2526j1o%253DP.Pa66yGCaPkGCPG3aC6.GHC3ka3ykP344V6%2526jx6y%253DjcV%2526kkdd%253Duu%25257C%252521%25257CnAH%25252A39uWh%2526oVGppp%253D%2526p~z6%253D4%2526tpid%253D%2526two%253DP%2526t~zVcy%253D4%2526wozI%253D3%2526wozIGc~O%253D%2526xaOBzV%253Dopjx6%2526z1o%253D%2526~1vV%253D33.PJX%252521H%2526~G%253D4q%2526~_oI5o%253D%2526~~xo%253D%25257B%252522~~GG%252522%25253A%2525228m%252522%25252C%252522~~GOB%252522%25253A%252522j~xj%252522%25252C%252522~~1z%252522%25253A%252522%252522%25252C%252522~~~G%252522%25253A%2525224q%252522%25257D%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","fqdn":"realtimesearchresults.com","domain":"realtimesearchresults.com","tld":"com"},"ip":{"addr":"199.191.50.132","port":443,"asn":40034,"as":"CONFLUENCE-NETWORK-INC","country":"British Virgin Islands","country_code":"VG"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"http://yfdpco3.com/sk-park.php?pid=9PO15V947\u0026dn=lostinoffst.click\u0026ua=Mozilla%2F5.0+%28Windows+NT+10.0%3B+Win64%3B+x64%3B+rv%3A134.0%29+Gecko%2F20100101+Firefox%2F134.0\u0026requrl=http%3A%2F%2Fww38.lostinoffst.click%2F\u0026al=en-US%2Cen%3Bq%3D0.5","date":"2026-03-02T22:31:44.273Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_RSA_WITH_AES_256_CBC_SHA","key_group_name":"none","signature_name":"none","protocol":"TLSv1.2","cert":{"subject":{"commonName":"realtimesearchresults.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 22 Feb 2026 23:39:44 GMT","end":"Sat, 23 May 2026 23:39:43 GMT"},"fingerprint":{"sha1":"31:D9:5D:EC:85:73:9D:40:D2:96:E9:D9:97:7E:68:58:98:B1:2C:D1","sha256":"6B:C9:00:CD:5E:10:B4:46:69:E4:EA:A4:75:56:9C:28:40:9A:3C:DC:5A:45:C5:3D:63:B5:43:63:12:49:00:F0"}}},"request":{"raw":"GET /sr/754870121/SAFEFRAME.html?ule=773\u0026.r4_.z=7SSN%3A%2F%2FzcaSdCc%29%29aSw8zd8Z\u00267SSNa=F\u00268.dR=uyugFge1L\u002687CXV=1B6FgE1y%21\u002687CXt=calyUdCS8\u002688=06\u00268Rl=6t%2111\u00268SNdR=\u00268dR=u%28~Le%21VkY\u00269RN.=F\u00269RN.8CaS=\u0026CSl=\u0026CXr..=F\u0026GmdR=\u0026Ha7N=e\u0026HzaSN=e\u0026INzN=\u0026IRaN.=\u0026ImCU88UriN=\u0026NdR=\u0026RX.%29=F\u0026Rr8XXX=\u0026Sa8r=jFFgL\u0026XaNv=e\u0026ZH.%29=\u0026ZR=\u0026_9R=y\u0026_aNrC%29=e\u0026a8=eV\u0026aazR=%7B%22aa88%22%3A%2206%22%2C%22aa8SI%22%3A%22cazc%22%2C%22aadN%22%3A%22%22%2C%22aaa8%22%3A%22eV%22%7D\u0026adqr=FFgyiLu1\u0026amR.%2AR=\u0026cdR=ygytvv%298sty%218sy8Ftsvg81sF%21tF%29%21yFeerv\u0026czv%29=cCr\u0026dadR=e\u0026htmlsrc=1\u0026kkdd=3%2A%7Ch%7CA93u%2AHn\u0026ld=F%21%21ty1e%21eyVguVLLtFL\u0026mR.%2AR=\u0026mdR=\u0026mr=e\u0026mvr=\u0026r8.dR=\u0026tpid=\u0026v8S=BD%2A499%29h.h%29_._VDqqrrvDD99%2F0q40_D40%29\u0026vN%28_=\u0026vRSF=\u0026vRSt=\u0026vRcXvdC=\u0026vRl=\u0026ztSINr=RXczv\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1 HTTP/1.1\r\nHost: realtimesearchresults.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://yfdpco3.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.28.0\r\nDate: Mon, 02 Mar 2026 22:31:37 GMT\r\nContent-Type: text/html\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\ncache-control: no-store, max-age=0\r\ncontent-encoding: gzip\r\nlink: \u003chttps://scripts.clarity.ms/0.8.54/clarity.js\u003e; rel=prefetch, \u003chttps://msadsscale.microsoft.com/bingads/telemetryJS.js\u003e; rel=prefetch, \u003chttps://www.clarity.ms\u003e; rel=dns-prefetch, \u003chttps://s.yimg.com/ds/scripts/selectTier-p1.1.0.js\u003e; rel=prefetch\r\nx-sc-h: 21-x5pz\r\nvia: 1.1 google\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.28.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]}],"data":{"size":67682,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (45998), with CRLF, LF line terminators","md5":"4c02eeb59d22202144c59b28c5728621","sha1":"78280194a25e1bf22bf5ef696f605553cc72933e","sha256":"cb89d4644327e96f838b938e5030744b26cef5075d6f961f4b07ba6ab8e59c2b","sha512":"72f2ca6e8605e73e0cd9ebe1edb76af2309fea26a62d31012cc486bb5b90ec55b7d0ed12258606600ca62376f6bf18c2729d5804d5c095748dffb53f891f8ae0","ssdeep":"1536:S9nXkZkM7SH3MM2qAFQ9xfeATfxmnsPNQNDzNk/5fHUT8ypFuLqmLOck:S9UZkM7SH3MM2qAFQ9xfeATfxmneQNDX","tlshash":"cd633add30c27426077720b2513f2e0ef2ab2155368e8844e9f5e5a63d3da9f8a23d4d","first_seen":"2026-03-02T22:32:04.764149Z","last_seen":"2026-03-02T22:32:04.764149Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1252,"timings":{"blocked":410,"dns":2,"connect":129,"send":0,"wait":299,"receive":132,"ssl":277},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"realtimesearchresults.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"realtimesearchresults.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.cdn-fileserver.com/__media__/pics/9000/09/593//arrrow.png","fqdn":"s.cdn-fileserver.com","domain":"cdn-fileserver.com","tld":"com"},"ip":{"addr":"104.21.31.250","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://realtimesearchresults.com/sr/754870121/SAFEFRAME.html?ule=773\u0026.r4_.z=7SSN%3A%2F%2FzcaSdCc%29%29aSw8zd8Z\u00267SSNa=F\u00268.dR=uyugFge1L\u002687CXV=1B6FgE1y%21\u002687CXt=calyUdCS8\u002688=06\u00268Rl=6t%2111\u00268SNdR=\u00268dR=u%28~Le%21VkY\u00269RN.=F\u00269RN.8CaS=\u0026CSl=\u0026CXr..=F\u0026GmdR=\u0026Ha7N=e\u0026HzaSN=e\u0026INzN=\u0026IRaN.=\u0026ImCU88UriN=\u0026NdR=\u0026RX.%29=F\u0026Rr8XXX=\u0026Sa8r=jFFgL\u0026XaNv=e\u0026ZH.%29=\u0026ZR=\u0026_9R=y\u0026_aNrC%29=e\u0026a8=eV\u0026aazR=%7B%22aa88%22%3A%2206%22%2C%22aa8SI%22%3A%22cazc%22%2C%22aadN%22%3A%22%22%2C%22aaa8%22%3A%22eV%22%7D\u0026adqr=FFgyiLu1\u0026amR.%2AR=\u0026cdR=ygytvv%298sty%218sy8Ftsvg81sF%21tF%29%21yFeerv\u0026czv%29=cCr\u0026dadR=e\u0026htmlsrc=1\u0026kkdd=3%2A%7Ch%7CA93u%2AHn\u0026ld=F%21%21ty1e%21eyVguVLLtFL\u0026mR.%2AR=\u0026mdR=\u0026mr=e\u0026mvr=\u0026r8.dR=\u0026tpid=\u0026v8S=BD%2A499%29h.h%29_._VDqqrrvDD99%2F0q40_D40%29\u0026vN%28_=\u0026vRSF=\u0026vRSt=\u0026vRcXvdC=\u0026vRl=\u0026ztSINr=RXczv\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001772490704019015326356484667\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222152003630393433517%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=zBs8rKcR1P4MquCSH8f8kIX1sPGVb7qSTcKFw7T97wwJJYebyecQ0bmkIOrtfOOA8f2rGoSaj6UfqqwJGopgut_UMy-bHzCaMekYF5w7efsgJNJMVwOSrLJQ85u8IRyHmtKKGmC1UFCjP_6tcf9s_wyGUH3nV5ByP02yHU012iTWru8iDREb7_Wq89WvwU5hx2LaQ2FS5Vs%3D\u0026tchkpts=%7B%22prel2%22%3A1772490704258%7D\u0026stime=1772490704258\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Frealtimesearchresults.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F-_1o%253D%25261~1o%253D4%25266GO%253DEK5ewwy9I9ytItqKvvVV6KKww%25252F8ve8tKe8y%25266oO3%253D%25266oOa%253D%25266og%253D%25266ojp61c%253D%25266zTt%253D%2526B_cSGGSVJz%253D%2526Bo~zI%253D%2526Bzxz%253D%2526G1o%253D%252521T2X4kqWF%2526GG%253D8m%2526GI1o%253D%252521P%252521.3.4HX%2526GOz1o%253D%2526GUcpa%253Dj~gPS1cOG%2526GUcpq%253DHEm3.fHPk%2526Gog%253DmakHH%2526IVetIx%253DUOOz%25253A%25252F%25252Fxj~O1cjyy~O%25252AGx1Gd%2526O~GV%253D033.X%2526Qx~Oz%253D4%2526Q~Uz%253D4%2526UOOz~%253D3%2526VGI1o%253D%2526_1o%253D%2526_6V%253D%2526_V%253D4%2526_oI5o%253D%2526cOg%253D%2526cpVII%253D3%2526dQIy%253D%2526do%253D%2526g1%253D3kkaPH4k4Pq.%252521qXXa3X%2526htmlsrc%253D1%2526j1o%253DP.Pa66yGCaPkGCPG3aC6.GHC3ka3ykP344V6%2526jx6y%253DjcV%2526kkdd%253Duu%25257C%252521%25257CnAH%25252A39uWh%2526oVGppp%253D%2526p~z6%253D4%2526tpid%253D%2526two%253DP%2526t~zVcy%253D4%2526wozI%253D3%2526wozIGc~O%253D%2526xaOBzV%253Dopjx6%2526z1o%253D%2526~1vV%253D33.PJX%252521H%2526~G%253D4q%2526~_oI5o%253D%2526~~xo%253D%25257B%252522~~GG%252522%25253A%2525228m%252522%25252C%252522~~GOB%252522%25253A%252522j~xj%252522%25252C%252522~~1z%252522%25253A%252522%252522%25252C%252522~~~G%252522%25253A%2525224q%252522%25257D%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","date":"2026-03-02T22:31:45.087Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn-fileserver.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 28 Jan 2026 16:34:52 GMT","end":"Tue, 28 Apr 2026 17:33:19 GMT"},"fingerprint":{"sha1":"F3:1F:AE:F5:F8:55:3C:E0:73:9D:53:9F:50:2C:79:55:B2:A1:33:D1","sha256":"50:7A:11:63:E8:59:A1:60:B9:7A:1C:11:46:F4:E5:9E:5A:10:E9:46:AD:96:82:92:F4:32:FE:23:EC:45:AC:B9"}}},"request":{"raw":"GET /__media__/pics/9000/09/593//arrrow.png HTTP/1.1\r\nHost: s.cdn-fileserver.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://realtimesearchresults.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 02 Mar 2026 22:31:45 GMT\r\ncontent-type: image/png\r\ncontent-length: 283\r\nserver: cloudflare\r\naccept-ranges: bytes\r\nvia: 1.1 google\r\ncache-control: public, max-age=604800\r\nlast-modified: Thu, 06 Mar 2025 13:05:37 GMT\r\nage: 494421\r\nx-cache-status: hit\r\nalt-svc: h3=\":443\"; ma=86400\r\netag: \"11b-62fac2985d568\"\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=CToQmnrTf5lsJ2Z8uMCkT2gDZgu0XyXNplEkbYZEf4ZbwS7MJh8NG3MRD0j7xNToMJXfl1X4uofvjFSvCkLz7vFeGMP7oDC7ScDPh%2BAftlxx02vg\"}]}\r\ncf-ray: 9d63da7b08df4eff-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]}],"data":{"size":283,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 17 x 27, 8-bit colormap, non-interlaced","md5":"80d42c82a6c37da90210fd60a2f36128","sha1":"554ba7c84d2a27ecf3b1f29d03e62101936b54d8","sha256":"a1626e2d9160a0890a0a8d6e3af9e7095d68a24f9fb5ac8a166000c9a2581e10","sha512":"8ecb032c38176996ee637009833f3399f773b325e4f574fbbd26f93cdb82892c4143c5816543052b3a5123b89ef4b1aaca0407315aab879968085e61a20786b6","ssdeep":"","tlshash":"38d023cb5d512c3dd3615031445810799df2ad602c774182013eb4760f73545c658714","first_seen":"2023-04-06T17:33:21Z","last_seen":"2026-04-04T14:48:36.48321Z","times_seen":149441,"resource_available":false,"data":null}},"time_used":94,"timings":{"blocked":38,"dns":2,"connect":8,"send":0,"wait":16,"receive":1,"ssl":26},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"s.cdn-fileserver.com/__media__/pics/9000/09/593//bg1.png","fqdn":"s.cdn-fileserver.com","domain":"cdn-fileserver.com","tld":"com"},"ip":{"addr":"104.21.31.250","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://realtimesearchresults.com/sr/754870121/SAFEFRAME.html?ule=773\u0026.r4_.z=7SSN%3A%2F%2FzcaSdCc%29%29aSw8zd8Z\u00267SSNa=F\u00268.dR=uyugFge1L\u002687CXV=1B6FgE1y%21\u002687CXt=calyUdCS8\u002688=06\u00268Rl=6t%2111\u00268SNdR=\u00268dR=u%28~Le%21VkY\u00269RN.=F\u00269RN.8CaS=\u0026CSl=\u0026CXr..=F\u0026GmdR=\u0026Ha7N=e\u0026HzaSN=e\u0026INzN=\u0026IRaN.=\u0026ImCU88UriN=\u0026NdR=\u0026RX.%29=F\u0026Rr8XXX=\u0026Sa8r=jFFgL\u0026XaNv=e\u0026ZH.%29=\u0026ZR=\u0026_9R=y\u0026_aNrC%29=e\u0026a8=eV\u0026aazR=%7B%22aa88%22%3A%2206%22%2C%22aa8SI%22%3A%22cazc%22%2C%22aadN%22%3A%22%22%2C%22aaa8%22%3A%22eV%22%7D\u0026adqr=FFgyiLu1\u0026amR.%2AR=\u0026cdR=ygytvv%298sty%218sy8Ftsvg81sF%21tF%29%21yFeerv\u0026czv%29=cCr\u0026dadR=e\u0026htmlsrc=1\u0026kkdd=3%2A%7Ch%7CA93u%2AHn\u0026ld=F%21%21ty1e%21eyVguVLLtFL\u0026mR.%2AR=\u0026mdR=\u0026mr=e\u0026mvr=\u0026r8.dR=\u0026tpid=\u0026v8S=BD%2A499%29h.h%29_._VDqqrrvDD99%2F0q40_D40%29\u0026vN%28_=\u0026vRSF=\u0026vRSt=\u0026vRcXvdC=\u0026vRl=\u0026ztSINr=RXczv\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001772490704019015326356484667\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222152003630393433517%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=zBs8rKcR1P4MquCSH8f8kIX1sPGVb7qSTcKFw7T97wwJJYebyecQ0bmkIOrtfOOA8f2rGoSaj6UfqqwJGopgut_UMy-bHzCaMekYF5w7efsgJNJMVwOSrLJQ85u8IRyHmtKKGmC1UFCjP_6tcf9s_wyGUH3nV5ByP02yHU012iTWru8iDREb7_Wq89WvwU5hx2LaQ2FS5Vs%3D\u0026tchkpts=%7B%22prel2%22%3A1772490704258%7D\u0026stime=1772490704258\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Frealtimesearchresults.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F-_1o%253D%25261~1o%253D4%25266GO%253DEK5ewwy9I9ytItqKvvVV6KKww%25252F8ve8tKe8y%25266oO3%253D%25266oOa%253D%25266og%253D%25266ojp61c%253D%25266zTt%253D%2526B_cSGGSVJz%253D%2526Bo~zI%253D%2526Bzxz%253D%2526G1o%253D%252521T2X4kqWF%2526GG%253D8m%2526GI1o%253D%252521P%252521.3.4HX%2526GOz1o%253D%2526GUcpa%253Dj~gPS1cOG%2526GUcpq%253DHEm3.fHPk%2526Gog%253DmakHH%2526IVetIx%253DUOOz%25253A%25252F%25252Fxj~O1cjyy~O%25252AGx1Gd%2526O~GV%253D033.X%2526Qx~Oz%253D4%2526Q~Uz%253D4%2526UOOz~%253D3%2526VGI1o%253D%2526_1o%253D%2526_6V%253D%2526_V%253D4%2526_oI5o%253D%2526cOg%253D%2526cpVII%253D3%2526dQIy%253D%2526do%253D%2526g1%253D3kkaPH4k4Pq.%252521qXXa3X%2526htmlsrc%253D1%2526j1o%253DP.Pa66yGCaPkGCPG3aC6.GHC3ka3ykP344V6%2526jx6y%253DjcV%2526kkdd%253Duu%25257C%252521%25257CnAH%25252A39uWh%2526oVGppp%253D%2526p~z6%253D4%2526tpid%253D%2526two%253DP%2526t~zVcy%253D4%2526wozI%253D3%2526wozIGc~O%253D%2526xaOBzV%253Dopjx6%2526z1o%253D%2526~1vV%253D33.PJX%252521H%2526~G%253D4q%2526~_oI5o%253D%2526~~xo%253D%25257B%252522~~GG%252522%25253A%2525228m%252522%25252C%252522~~GOB%252522%25253A%252522j~xj%252522%25252C%252522~~1z%252522%25253A%252522%252522%25252C%252522~~~G%252522%25253A%2525224q%252522%25257D%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","date":"2026-03-02T22:31:45.106Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn-fileserver.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 28 Jan 2026 16:34:52 GMT","end":"Tue, 28 Apr 2026 17:33:19 GMT"},"fingerprint":{"sha1":"F3:1F:AE:F5:F8:55:3C:E0:73:9D:53:9F:50:2C:79:55:B2:A1:33:D1","sha256":"50:7A:11:63:E8:59:A1:60:B9:7A:1C:11:46:F4:E5:9E:5A:10:E9:46:AD:96:82:92:F4:32:FE:23:EC:45:AC:B9"}}},"request":{"raw":"GET /__media__/pics/9000/09/593//bg1.png HTTP/1.1\r\nHost: s.cdn-fileserver.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://realtimesearchresults.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 02 Mar 2026 22:31:45 GMT\r\ncontent-type: image/png\r\ncontent-length: 17986\r\nserver: cloudflare\r\naccept-ranges: bytes\r\nvia: 1.1 google\r\ncache-control: public, max-age=604800\r\nlast-modified: Thu, 06 Mar 2025 12:55:21 GMT\r\nage: 504942\r\nx-cache-status: hit\r\nalt-svc: h3=\":443\"; ma=86400\r\netag: \"4642-62fac04c7759a\"\r\ncf-cache-status: HIT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=F7Oeog12L03kW9XUvODL9H1bHa5wSTa0kIi0gQTiGaU3BcrphN%2FBOAruw0wM2EQTuW8g5%2B%2FY7bHYLy5Y0w4WXrnSfW6xBKKeLlSi1eLsoLcGAbyy\"}]}\r\ncf-ray: 9d63da7b28fa4eff-ARN\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":17986,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1730 x 988, 4-bit colormap, non-interlaced","md5":"825ccd29ac102fcadaf92b2343d5917b","sha1":"24472e766cfac5b82a73b219796556a0a3702bd6","sha256":"0878fb2875c0ad852de8fb3e8f443afdf3064890f1443b3feccc274382f913cd","sha512":"71b8e7c0813227f5efa4b4e0561978b13672f46ee441bc222ad77aa46a32f0f44a5dab3ef038bb3418190e69dced597a79e77566da01a259f1cd6b5298a08662","ssdeep":"384:/ATpX6Cex7jSxPgvgsODg/B2HgqSSeMjhRNAxB60ZL/HU+HqofTBf:ipX6nx7elggsODg52AqSSJhIxBZZLc8N","tlshash":"8a82bef49ea4241cdde2dfbce09243d635e8fb03481a9c516bcb46c27459ea2782c71d","first_seen":"2023-04-06T22:32:28Z","last_seen":"2026-04-04T14:48:36.48395Z","times_seen":149417,"resource_available":false,"data":null}},"time_used":108,"timings":{"blocked":38,"dns":1,"connect":8,"send":0,"wait":29,"receive":2,"ssl":25},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"s.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"l.cdn-fileserver.com/bql.php?vgd_len=5035\u0026\u0026vgd_l2type=dmola\u0026fp=3j2Ei1-yRY7s742U9f0nGbX-YwUu4QZ2q9lSECqeJfZehvfUckKyt0RlOd-eaNRwwzLzzCr7sBNuIoOc9jk9nOMHCwU-wh8x2RxpsUFS6n_g0tfg-Mjcb1PH7hzXaBSAIHPVbK2bv1aywiB0Yo26BQ%3D%3D\u0026cme=HJWsfYh0TPtixth3spqoyeS1RW0ZA_z60S3-_Z40xbvDaSS6jhIh7a80HOI5nGQkZRiyAuJgh1MYxaudJ9pjsGFydzzjKhZbWRzgLipZxZTJ90IsD_rwNLxyRoRojiT05N99BaoOQLzlIZstZXmZ7C-_Al-bkQA60dQdlB-NudFMEIDp5ZKVYKuPEx0uJ9wEyN7r-9YfAXkKYayc-l-E2Jf7xy1vsC3JrtSQDJbwqi8Y-X7NPpmJ45Mb0LLUAvaJyFtCv1mE3MU%3D%7C%7CWtJPvijWHRsfBv4nOZN-Vs0s0qvvEfG0%7CxDcVMoSqRIQJ2LACjYs2XSj_UvaHtlLvpecl2zfSMFmuy9bhklg-dw%3D%3D%7Cb8KlCmE6kTENKxSBIehsQLbXBNKeHPZV%7C4Nxvvts4d3lLR-Fmi_R_9rocpWzwbiBISGOnzxmcpj2KnIO4mF6NwFmMtsIq3cOaTj13vbnAeSaxiERBoPWqbS5G9bu5CQujsoYvtsf8E6PYJHfmYrY_ILGqqzCcmdrSq7Ep_jlfANpCcb8nkGs4iN7L0X5sF4m7CPTqDkYAY-rshJKY8e5W0KbrMSaaeuZ3KyEJYviRV5fbfqDSN7D6Vyq6JF1eYW2NcHhYs8UcBNlDeQ8t2Iqxpa2OwH8vJdHGQuvQWiJHxZDRO6oadDE28HPGsWERjT8_3idiYuLPdcFxBZ8TCa4TeRatILnTwQt2lwfsbEmKFEW6yetUIlb1Skei2QMLMx8nsZEohKxCjXLuYgMtI_glW9GzxgziU6B8Mjw-PvvqRTlxse5dFrGdQJmKj6JuriNN3gGCocdGopzIk3OL_bwfhARMmgF0ZVmdMhE6Dmm6xpZHg8HjtmeqquiNnU7cLNGjVUl2LzlIW59H2yr3SZXHarKpvnUbtwWGTEWTYnGLeE-SS4m9XIMUwO3zJRt8o-5RY1oUXUoFNlF7ogVg2XG91xtQ2L43Nq1Qt5R-1quDjR4puUJRpwt4sgZk7o3difGbdQ_scwgiTIgzb-_vaVVmDHOto3GUA6CsbfztaVoqjbN-H_BoDUjVVV0IoIg2ItiAK-e5KD_BAHKfQ_5OG8NWVDOf01v6lvSqoCfuyjpKIAJnvr_QzAefqgLTRuwYVaEP%7CWOR44ZnjshyX0FEZj6c52uG8KGTsvju_%7C\u0026ksu=360\u0026fdkt=658\u0026vgde_kbbh=fuoyxQBuGUBO\u0026kwd[]=Top+10+Places+You+Must+Visit\u0026kwt[]=658\u0026kbc[]=db5647e5a8f76918611d297fae9e14e4.d2s\u0026kwp[]=1\u0026kid[]=351033257\u0026kbc2[]=dmodel%3D1%7Cclid_fz%3D8589%7Cclid_serp%3D5407%7Cakp%3D9%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D71735%7Cclpr%3D1.000000%7Ccllvl%3D1%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D0.995%7Cps_id%3D0\u0026ktd[]=79228162514264337593561125120\u0026kwd[]=Best+Small+Towns+to+Visit+in+USA\u0026kwt[]=658\u0026kbc[]=db5647e5a8f76918611d297fae9e14e4.d2s\u0026kwp[]=2\u0026kid[]=388132887\u0026kbc2[]=dmodel%3D1%7Cclid_fz%3D-2%7Cclid_serp%3D9212%7Cakp%3D3%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D60179%7Cclpr%3D1.000000%7Ccllvl%3D1%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D0.995%7Cps_id%3D0\u0026ktd[]=79228162514264337593561125120\u0026kwd[]=Secret+Places+to+Visit+in+London\u0026kwt[]=658\u0026kbc[]=db5647e5a8f76918611d297fae9e14e4.d2s\u0026kwp[]=3\u0026kid[]=385876755\u0026kbc2[]=dmodel%3D1%7Cclid_fz%3D-2%7Cclid_serp%3D21256%7Cakp%3D6%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D135466%7Cclpr%3D1.000000%7Ccllvl%3D2%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D0.995%7Cps_id%3D0\u0026ktd[]=79228162514264337593561125120\u0026kwd[]=Urban+Exploration+Walking+Tours\u0026kwt[]=658\u0026kbc[]=db5647e5a8f76918611d297fae9e14e4.d2s\u0026kwp[]=4\u0026kid[]=1035205323\u0026kbc2[]=dmodel%3D1%7Cclid_fz%3D-2%7Cclid_serp%3D-2%7Cakp%3D2%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D0.995%7Cps_id%3D0\u0026ktd[]=17174784\u0026kwd[]=10+Beautiful+Small+Towns+to+Retire\u0026kwt[]=658\u0026kbc[]=db5647e5a8f76918611d297fae9e14e4.d2s\u0026kwp[]=5\u0026kid[]=351568953\u0026kbc2[]=dmodel%3D1%7Cclid_fz%3D-2%7Cclid_serp%3D-2%7Cakp%3D10%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D59574%7Cclpr%3D0.450000%7Ccllvl%3D1%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D0.995%7Cps_id%3D0\u0026ktd[]=79402247832288844194718814464\u0026v=1\u0026gdpr=1\u0026geo=59.93%7C10.8\u0026lper=100\u0026lpid=\u0026tsid=1005\u0026hint=\u0026cc=NO\u0026wsip=170763906\u0026bca=0\u0026ugd=4\u0026vgde_setid=Nfu\u0026vgde_chost=LJ1j78YJQJ1LNwLJQxj7Q.NmY\u0026cid=8CU6073RK\u0026vi=1772490704358366216\u0026vsid=DefVid\u0026tdAdd[]=asnum%3D50304\u0026vgde_test_data_struct=%7B%22EO7E8O%22%3Au%7D\u0026vgd_adprefflag=00\u0026vgd_adpref_diff=1010\u0026vgd_fm_lang=EN\u0026vgd_implt=3\u0026vgd_cage=3\u0026vgd_tsce=L1156-S1156\u0026vgd_l3_sc=03\u0026vgd_pdtid=1\u0026vgd_oscar=1\u0026vgd_ctrlid=O_SERP\u0026vgd_nrrv=21890\u0026vgd_nrrmf=8301000480a\u0026vgd_nrrsf=scrr\u0026vgd_cty=oslo\u0026vgd_csovr=0\u0026vgd_ifrmode=14\u0026sbdrId=\u0026verid=\u0026mprpslog=zBs8rKcR1P4MquCSH8f8kIX1sPGVb7qSTcKFw7T97wwJJYebyecQ0bmkIOrtfOOA8f2rGoSaj6UfqqwJGopgut_UMy-bHzCaMekYF5w7efsgJNJMVwOSrLJQ85u8IRyHmtKKGmC1UFCjP_6tcf9s_wyGUH3nV5ByP02yHU012iTWru8iDREb7_Wq89WvwU5hx2LaQ2FS5Vs\u0026kbbq=%26asn%3D50304\u0026vgd_ppvi=2152003630393433517\u0026vgd_wlstp=0\u0026vgd_vstrid=DefVid\u0026vgd_scsver=2844\u0026vgd_himglg=K0P0-O0K0-S0\u0026vgd_cache_metadata=%7B%22kbb%22%3Afalse%7D\u0026vgd_cfud=251031\u0026vgd_optout=0\u0026vgd_l2shld=1\u0026vgd_akcip=91.90.42.0\u0026vgd_oreqf=one\u0026vgd_oresf=one\u0026vgd_och=0\u0026vgd_rensize=1280_1024\u0026vgd_scr_h=1024\u0026vgd_scr_w=1280\u0026vgd_col_sch=l\u0026vgd_be=0\u0026vgd_nmerr=1\u0026tdAdd[]=uiparams%3D%3Brend_w%3A1280%3Brend_h%3A1024\u0026vgd_sc=03\u0026hvsid=00001772490704019015326356484667\u0026rc=0\u0026rand=1772490705139\u0026acid=undefined\u0026matm=1772490705139\u0026vgde_ltimesrc=u\u0026vgde_ltime=iAW\u0026vgde_rtime=WiW\u0026vgde_etm=uH\u0026vgde_timeObj=%7B%22juJ-JN%22%3Azxjj%2C%22jfjm1O%22%3AWAW%2C%22QNLLQ71L7%22%3AHA%2C%22QNLLLJzOJL%22%3Auh%2C%22QNLLJ-JN%22%3AXh%7D\u0026vgd_lhl=1931\u0026vgd_sbSup=1\u0026vgd_nrrs=21890\u0026vgde_cdeplbl=1E8Mzm7M1e18j1GjJ\u0026vgd_end=1","fqdn":"l.cdn-fileserver.com","domain":"cdn-fileserver.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://realtimesearchresults.com/sr/754870121/SAFEFRAME.html?ule=773\u0026.r4_.z=7SSN%3A%2F%2FzcaSdCc%29%29aSw8zd8Z\u00267SSNa=F\u00268.dR=uyugFge1L\u002687CXV=1B6FgE1y%21\u002687CXt=calyUdCS8\u002688=06\u00268Rl=6t%2111\u00268SNdR=\u00268dR=u%28~Le%21VkY\u00269RN.=F\u00269RN.8CaS=\u0026CSl=\u0026CXr..=F\u0026GmdR=\u0026Ha7N=e\u0026HzaSN=e\u0026INzN=\u0026IRaN.=\u0026ImCU88UriN=\u0026NdR=\u0026RX.%29=F\u0026Rr8XXX=\u0026Sa8r=jFFgL\u0026XaNv=e\u0026ZH.%29=\u0026ZR=\u0026_9R=y\u0026_aNrC%29=e\u0026a8=eV\u0026aazR=%7B%22aa88%22%3A%2206%22%2C%22aa8SI%22%3A%22cazc%22%2C%22aadN%22%3A%22%22%2C%22aaa8%22%3A%22eV%22%7D\u0026adqr=FFgyiLu1\u0026amR.%2AR=\u0026cdR=ygytvv%298sty%218sy8Ftsvg81sF%21tF%29%21yFeerv\u0026czv%29=cCr\u0026dadR=e\u0026htmlsrc=1\u0026kkdd=3%2A%7Ch%7CA93u%2AHn\u0026ld=F%21%21ty1e%21eyVguVLLtFL\u0026mR.%2AR=\u0026mdR=\u0026mr=e\u0026mvr=\u0026r8.dR=\u0026tpid=\u0026v8S=BD%2A499%29h.h%29_._VDqqrrvDD99%2F0q40_D40%29\u0026vN%28_=\u0026vRSF=\u0026vRSt=\u0026vRcXvdC=\u0026vRl=\u0026ztSINr=RXczv\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001772490704019015326356484667\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222152003630393433517%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=zBs8rKcR1P4MquCSH8f8kIX1sPGVb7qSTcKFw7T97wwJJYebyecQ0bmkIOrtfOOA8f2rGoSaj6UfqqwJGopgut_UMy-bHzCaMekYF5w7efsgJNJMVwOSrLJQ85u8IRyHmtKKGmC1UFCjP_6tcf9s_wyGUH3nV5ByP02yHU012iTWru8iDREb7_Wq89WvwU5hx2LaQ2FS5Vs%3D\u0026tchkpts=%7B%22prel2%22%3A1772490704258%7D\u0026stime=1772490704258\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Frealtimesearchresults.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F-_1o%253D%25261~1o%253D4%25266GO%253DEK5ewwy9I9ytItqKvvVV6KKww%25252F8ve8tKe8y%25266oO3%253D%25266oOa%253D%25266og%253D%25266ojp61c%253D%25266zTt%253D%2526B_cSGGSVJz%253D%2526Bo~zI%253D%2526Bzxz%253D%2526G1o%253D%252521T2X4kqWF%2526GG%253D8m%2526GI1o%253D%252521P%252521.3.4HX%2526GOz1o%253D%2526GUcpa%253Dj~gPS1cOG%2526GUcpq%253DHEm3.fHPk%2526Gog%253DmakHH%2526IVetIx%253DUOOz%25253A%25252F%25252Fxj~O1cjyy~O%25252AGx1Gd%2526O~GV%253D033.X%2526Qx~Oz%253D4%2526Q~Uz%253D4%2526UOOz~%253D3%2526VGI1o%253D%2526_1o%253D%2526_6V%253D%2526_V%253D4%2526_oI5o%253D%2526cOg%253D%2526cpVII%253D3%2526dQIy%253D%2526do%253D%2526g1%253D3kkaPH4k4Pq.%252521qXXa3X%2526htmlsrc%253D1%2526j1o%253DP.Pa66yGCaPkGCPG3aC6.GHC3ka3ykP344V6%2526jx6y%253DjcV%2526kkdd%253Duu%25257C%252521%25257CnAH%25252A39uWh%2526oVGppp%253D%2526p~z6%253D4%2526tpid%253D%2526two%253DP%2526t~zVcy%253D4%2526wozI%253D3%2526wozIGc~O%253D%2526xaOBzV%253Dopjx6%2526z1o%253D%2526~1vV%253D33.PJX%252521H%2526~G%253D4q%2526~_oI5o%253D%2526~~xo%253D%25257B%252522~~GG%252522%25253A%2525228m%252522%25252C%252522~~GOB%252522%25253A%252522j~xj%252522%25252C%252522~~1z%252522%25253A%252522%252522%25252C%252522~~~G%252522%25253A%2525224q%252522%25257D%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","date":"2026-03-02T22:31:45.217Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn-fileserver.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 28 Jan 2026 16:34:52 GMT","end":"Tue, 28 Apr 2026 17:33:19 GMT"},"fingerprint":{"sha1":"F3:1F:AE:F5:F8:55:3C:E0:73:9D:53:9F:50:2C:79:55:B2:A1:33:D1","sha256":"50:7A:11:63:E8:59:A1:60:B9:7A:1C:11:46:F4:E5:9E:5A:10:E9:46:AD:96:82:92:F4:32:FE:23:EC:45:AC:B9"}}},"request":{"raw":"GET /bql.php?vgd_len=5035\u0026\u0026vgd_l2type=dmola\u0026fp=3j2Ei1-yRY7s742U9f0nGbX-YwUu4QZ2q9lSECqeJfZehvfUckKyt0RlOd-eaNRwwzLzzCr7sBNuIoOc9jk9nOMHCwU-wh8x2RxpsUFS6n_g0tfg-Mjcb1PH7hzXaBSAIHPVbK2bv1aywiB0Yo26BQ%3D%3D\u0026cme=HJWsfYh0TPtixth3spqoyeS1RW0ZA_z60S3-_Z40xbvDaSS6jhIh7a80HOI5nGQkZRiyAuJgh1MYxaudJ9pjsGFydzzjKhZbWRzgLipZxZTJ90IsD_rwNLxyRoRojiT05N99BaoOQLzlIZstZXmZ7C-_Al-bkQA60dQdlB-NudFMEIDp5ZKVYKuPEx0uJ9wEyN7r-9YfAXkKYayc-l-E2Jf7xy1vsC3JrtSQDJbwqi8Y-X7NPpmJ45Mb0LLUAvaJyFtCv1mE3MU%3D%7C%7CWtJPvijWHRsfBv4nOZN-Vs0s0qvvEfG0%7CxDcVMoSqRIQJ2LACjYs2XSj_UvaHtlLvpecl2zfSMFmuy9bhklg-dw%3D%3D%7Cb8KlCmE6kTENKxSBIehsQLbXBNKeHPZV%7C4Nxvvts4d3lLR-Fmi_R_9rocpWzwbiBISGOnzxmcpj2KnIO4mF6NwFmMtsIq3cOaTj13vbnAeSaxiERBoPWqbS5G9bu5CQujsoYvtsf8E6PYJHfmYrY_ILGqqzCcmdrSq7Ep_jlfANpCcb8nkGs4iN7L0X5sF4m7CPTqDkYAY-rshJKY8e5W0KbrMSaaeuZ3KyEJYviRV5fbfqDSN7D6Vyq6JF1eYW2NcHhYs8UcBNlDeQ8t2Iqxpa2OwH8vJdHGQuvQWiJHxZDRO6oadDE28HPGsWERjT8_3idiYuLPdcFxBZ8TCa4TeRatILnTwQt2lwfsbEmKFEW6yetUIlb1Skei2QMLMx8nsZEohKxCjXLuYgMtI_glW9GzxgziU6B8Mjw-PvvqRTlxse5dFrGdQJmKj6JuriNN3gGCocdGopzIk3OL_bwfhARMmgF0ZVmdMhE6Dmm6xpZHg8HjtmeqquiNnU7cLNGjVUl2LzlIW59H2yr3SZXHarKpvnUbtwWGTEWTYnGLeE-SS4m9XIMUwO3zJRt8o-5RY1oUXUoFNlF7ogVg2XG91xtQ2L43Nq1Qt5R-1quDjR4puUJRpwt4sgZk7o3difGbdQ_scwgiTIgzb-_vaVVmDHOto3GUA6CsbfztaVoqjbN-H_BoDUjVVV0IoIg2ItiAK-e5KD_BAHKfQ_5OG8NWVDOf01v6lvSqoCfuyjpKIAJnvr_QzAefqgLTRuwYVaEP%7CWOR44ZnjshyX0FEZj6c52uG8KGTsvju_%7C\u0026ksu=360\u0026fdkt=658\u0026vgde_kbbh=fuoyxQBuGUBO\u0026kwd[]=Top+10+Places+You+Must+Visit\u0026kwt[]=658\u0026kbc[]=db5647e5a8f76918611d297fae9e14e4.d2s\u0026kwp[]=1\u0026kid[]=351033257\u0026kbc2[]=dmodel%3D1%7Cclid_fz%3D8589%7Cclid_serp%3D5407%7Cakp%3D9%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D71735%7Cclpr%3D1.000000%7Ccllvl%3D1%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D0.995%7Cps_id%3D0\u0026ktd[]=79228162514264337593561125120\u0026kwd[]=Best+Small+Towns+to+Visit+in+USA\u0026kwt[]=658\u0026kbc[]=db5647e5a8f76918611d297fae9e14e4.d2s\u0026kwp[]=2\u0026kid[]=388132887\u0026kbc2[]=dmodel%3D1%7Cclid_fz%3D-2%7Cclid_serp%3D9212%7Cakp%3D3%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D60179%7Cclpr%3D1.000000%7Ccllvl%3D1%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D0.995%7Cps_id%3D0\u0026ktd[]=79228162514264337593561125120\u0026kwd[]=Secret+Places+to+Visit+in+London\u0026kwt[]=658\u0026kbc[]=db5647e5a8f76918611d297fae9e14e4.d2s\u0026kwp[]=3\u0026kid[]=385876755\u0026kbc2[]=dmodel%3D1%7Cclid_fz%3D-2%7Cclid_serp%3D21256%7Cakp%3D6%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D135466%7Cclpr%3D1.000000%7Ccllvl%3D2%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D0.995%7Cps_id%3D0\u0026ktd[]=79228162514264337593561125120\u0026kwd[]=Urban+Exploration+Walking+Tours\u0026kwt[]=658\u0026kbc[]=db5647e5a8f76918611d297fae9e14e4.d2s\u0026kwp[]=4\u0026kid[]=1035205323\u0026kbc2[]=dmodel%3D1%7Cclid_fz%3D-2%7Cclid_serp%3D-2%7Cakp%3D2%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D0.995%7Cps_id%3D0\u0026ktd[]=17174784\u0026kwd[]=10+Beautiful+Small+Towns+to+Retire\u0026kwt[]=658\u0026kbc[]=db5647e5a8f76918611d297fae9e14e4.d2s\u0026kwp[]=5\u0026kid[]=351568953\u0026kbc2[]=dmodel%3D1%7Cclid_fz%3D-2%7Cclid_serp%3D-2%7Cakp%3D10%7C5%3D-1%7C6%3D-1%7C16%3D-1%7C19%3D0.00%7Ckus%3D5.0000%7Ckucs%3D5.0000%7Ckcucs%3D5.0000%7Ckcucs2%3D5.0000%7Ckssks%3D5.0000%7Crcid%3D59574%7Cclpr%3D0.450000%7Ccllvl%3D1%7Cokt%3D658%7Cbdkt%3D658%7Cps%3D0.995%7Cps_id%3D0\u0026ktd[]=79402247832288844194718814464\u0026v=1\u0026gdpr=1\u0026geo=59.93%7C10.8\u0026lper=100\u0026lpid=\u0026tsid=1005\u0026hint=\u0026cc=NO\u0026wsip=170763906\u0026bca=0\u0026ugd=4\u0026vgde_setid=Nfu\u0026vgde_chost=LJ1j78YJQJ1LNwLJQxj7Q.NmY\u0026cid=8CU6073RK\u0026vi=1772490704358366216\u0026vsid=DefVid\u0026tdAdd[]=asnum%3D50304\u0026vgde_test_data_struct=%7B%22EO7E8O%22%3Au%7D\u0026vgd_adprefflag=00\u0026vgd_adpref_diff=1010\u0026vgd_fm_lang=EN\u0026vgd_implt=3\u0026vgd_cage=3\u0026vgd_tsce=L1156-S1156\u0026vgd_l3_sc=03\u0026vgd_pdtid=1\u0026vgd_oscar=1\u0026vgd_ctrlid=O_SERP\u0026vgd_nrrv=21890\u0026vgd_nrrmf=8301000480a\u0026vgd_nrrsf=scrr\u0026vgd_cty=oslo\u0026vgd_csovr=0\u0026vgd_ifrmode=14\u0026sbdrId=\u0026verid=\u0026mprpslog=zBs8rKcR1P4MquCSH8f8kIX1sPGVb7qSTcKFw7T97wwJJYebyecQ0bmkIOrtfOOA8f2rGoSaj6UfqqwJGopgut_UMy-bHzCaMekYF5w7efsgJNJMVwOSrLJQ85u8IRyHmtKKGmC1UFCjP_6tcf9s_wyGUH3nV5ByP02yHU012iTWru8iDREb7_Wq89WvwU5hx2LaQ2FS5Vs\u0026kbbq=%26asn%3D50304\u0026vgd_ppvi=2152003630393433517\u0026vgd_wlstp=0\u0026vgd_vstrid=DefVid\u0026vgd_scsver=2844\u0026vgd_himglg=K0P0-O0K0-S0\u0026vgd_cache_metadata=%7B%22kbb%22%3Afalse%7D\u0026vgd_cfud=251031\u0026vgd_optout=0\u0026vgd_l2shld=1\u0026vgd_akcip=91.90.42.0\u0026vgd_oreqf=one\u0026vgd_oresf=one\u0026vgd_och=0\u0026vgd_rensize=1280_1024\u0026vgd_scr_h=1024\u0026vgd_scr_w=1280\u0026vgd_col_sch=l\u0026vgd_be=0\u0026vgd_nmerr=1\u0026tdAdd[]=uiparams%3D%3Brend_w%3A1280%3Brend_h%3A1024\u0026vgd_sc=03\u0026hvsid=00001772490704019015326356484667\u0026rc=0\u0026rand=1772490705139\u0026acid=undefined\u0026matm=1772490705139\u0026vgde_ltimesrc=u\u0026vgde_ltime=iAW\u0026vgde_rtime=WiW\u0026vgde_etm=uH\u0026vgde_timeObj=%7B%22juJ-JN%22%3Azxjj%2C%22jfjm1O%22%3AWAW%2C%22QNLLQ71L7%22%3AHA%2C%22QNLLLJzOJL%22%3Auh%2C%22QNLLJ-JN%22%3AXh%7D\u0026vgd_lhl=1931\u0026vgd_sbSup=1\u0026vgd_nrrs=21890\u0026vgde_cdeplbl=1E8Mzm7M1e18j1GjJ\u0026vgd_end=1 HTTP/1.1\r\nHost: l.cdn-fileserver.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://realtimesearchresults.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 02 Mar 2026 22:31:45 GMT\r\ncontent-type: text/javascript\r\naccept-ch: Sec-CH-UA-Full-Version-List, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: *\r\ncache-control: max-age=0, no-cache, no-store\r\nexpires: Sun, 01 Mar 2026 22:31:45 GMT\r\npragma: no-cache\r\ntiming-allow-origin: *\r\nvia: 1.1 google\r\nstrict-transport-security: max-age=63072000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: DYNAMIC\r\npriority: u=3,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=eMSVzbKNpynbaqPRv4eiAYkW%2FPpJsfhEen0ZW0lXO4rvDGYBoLk8dU2qVU8iu%2F2qMUfWfrZmmKrUJNUjZpvUy9T5QOBFF4kV%2F4iovik1G4jUmWMd\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9d63da7b8f4dc759-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]},{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":15,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text, with no line terminators","md5":"2ba5e95642c652c708881ad3c9d8443f","sha1":"5bfcc33bb9cc897546c600206b03d1307bd63a94","sha256":"c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24","sha512":"8c157fc41fd03bbd47633269b18effb652644e58284f8f85465b0ffba9b5a06544a03ed0655706c96edfa09a64f4f164f6bbc573ac5045000cae03c8b36d046f","ssdeep":"","tlshash":"7e600000000cc030030f0c00c3000300303000c000000c33000f30cc000000c00fc303","first_seen":"2025-03-08T00:25:13.560069Z","last_seen":"2026-04-04T14:48:36.492832Z","times_seen":141672,"resource_available":true,"data":null}},"time_used":140,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":140,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"l.cdn-fileserver.com/bqi.php?vgd_len=1732\u0026\u0026vgd_aref=0\u0026vgd_tsce=L1156-S1156\u0026vgd_l2type=dmola\u0026vgd_ydspr=0\u0026vgd_cdv=O2799\u0026vgd_cage=3\u0026vgd_pgids=0\u0026vgd_pdtid=1\u0026vgd_oreqf=one\u0026vgd_oresf=one\u0026lf=3\u0026prid=8PR11258V\u0026cid=8CU6073RK\u0026crid=848515096\u0026requrl=http%3A%2F%2Flostinoffst.click\u0026vi=1772490704358366216\u0026ugd=4\u0026cc=NO\u0026sc=03\u0026gdpr=1\u0026vgd_acid=undefined\u0026hvsid=00001772490704019015326356484667\u0026cme=HJWsfYh0TPtixth3spqoyeS1RW0ZA_z60S3-_Z40xbvDaSS6jhIh7a80HOI5nGQkZRiyAuJgh1MYxaudJ9pjsGFydzzjKhZbWRzgLipZxZTJ90IsD_rwNLxyRoRojiT05N99BaoOQLzlIZstZXmZ7C-_Al-bkQA60dQdlB-NudFMEIDp5ZKVYKuPEx0uJ9wEyN7r-9YfAXkKYayc-l-E2Jf7xy1vsC3JrtSQDJbwqi8Y-X7NPpmJ45Mb0LLUAvaJyFtCv1mE3MU%3D%7C%7CWtJPvijWHRsfBv4nOZN-Vs0s0qvvEfG0%7CxDcVMoSqRIQJ2LACjYs2XSj_UvaHtlLvpecl2zfSMFmuy9bhklg-dw%3D%3D%7Cb8KlCmE6kTENKxSBIehsQLbXBNKeHPZV%7C4Nxvvts4d3lLR-Fmi_R_9rocpWzwbiBISGOnzxmcpj2KnIO4mF6NwFmMtsIq3cOaTj13vbnAeSaxiERBoPWqbS5G9bu5CQujsoYvtsf8E6PYJHfmYrY_ILGqqzCcmdrSq7Ep_jlfANpCcb8nkGs4iN7L0X5sF4m7CPTqDkYAY-rshJKY8e5W0KbrMSaaeuZ3KyEJYviRV5fbfqDSN7D6Vyq6JF1eYW2NcHhYs8UcBNlDeQ8t2Iqxpa2OwH8vJdHGQuvQWiJHxZDRO6oadDE28HPGsWERjT8_3idiYuLPdcFxBZ8TCa4TeRatILnTwQt2lwfsbEmKFEW6yetUIlb1Skei2QMLMx8nsZEohKxCjXLuYgMtI_glW9GzxgziU6B8Mjw-PvvqRTlxse5dFrGdQJmKj6JuriNN3gGCocdGopzIk3OL_bwfhARMmgF0ZVmdMhE6Dmm6xpZHg8HjtmeqquiNnU7cLNGjVUl2LzlIW59H2yr3SZXHarKpvnUbtwWGTEWTYnGLeE-SS4m9XIMUwO3zJRt8o-5RY1oUXUoFNlF7ogVg2XG91xtQ2L43Nq1Qt5R-1quDjR4puUJRpwt4sgZk7o3difGbdQ_scwgiTIgzb-_vaVVmDHOto3GUA6CsbfztaVoqjbN-H_BoDUjVVV0IoIg2ItiAK-e5KD_BAHKfQ_5OG8NWVDOf01v6lvSqoCfuyjpKIAJnvr_QzAefqgLTRuwYVaEP%7CWOR44ZnjshyX0FEZj6c52uG8KGTsvju_%7C\u0026fp=3j2Ei1-yRY7s742U9f0nGbX-YwUu4QZ2q9lSECqeJfZehvfUckKyt0RlOd-eaNRwwzLzzCr7sBNuIoOc9jk9nOMHCwU-wh8x2RxpsUFS6n_g0tfg-Mjcb1PH7hzXaBSAIHPVbK2bv1aywiB0Yo26BQ%3D%3D\u0026vgd_rensize=1280_1024\u0026vgd_end=1","fqdn":"l.cdn-fileserver.com","domain":"cdn-fileserver.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://realtimesearchresults.com/sr/754870121/SAFEFRAME.html?ule=773\u0026.r4_.z=7SSN%3A%2F%2FzcaSdCc%29%29aSw8zd8Z\u00267SSNa=F\u00268.dR=uyugFge1L\u002687CXV=1B6FgE1y%21\u002687CXt=calyUdCS8\u002688=06\u00268Rl=6t%2111\u00268SNdR=\u00268dR=u%28~Le%21VkY\u00269RN.=F\u00269RN.8CaS=\u0026CSl=\u0026CXr..=F\u0026GmdR=\u0026Ha7N=e\u0026HzaSN=e\u0026INzN=\u0026IRaN.=\u0026ImCU88UriN=\u0026NdR=\u0026RX.%29=F\u0026Rr8XXX=\u0026Sa8r=jFFgL\u0026XaNv=e\u0026ZH.%29=\u0026ZR=\u0026_9R=y\u0026_aNrC%29=e\u0026a8=eV\u0026aazR=%7B%22aa88%22%3A%2206%22%2C%22aa8SI%22%3A%22cazc%22%2C%22aadN%22%3A%22%22%2C%22aaa8%22%3A%22eV%22%7D\u0026adqr=FFgyiLu1\u0026amR.%2AR=\u0026cdR=ygytvv%298sty%218sy8Ftsvg81sF%21tF%29%21yFeerv\u0026czv%29=cCr\u0026dadR=e\u0026htmlsrc=1\u0026kkdd=3%2A%7Ch%7CA93u%2AHn\u0026ld=F%21%21ty1e%21eyVguVLLtFL\u0026mR.%2AR=\u0026mdR=\u0026mr=e\u0026mvr=\u0026r8.dR=\u0026tpid=\u0026v8S=BD%2A499%29h.h%29_._VDqqrrvDD99%2F0q40_D40%29\u0026vN%28_=\u0026vRSF=\u0026vRSt=\u0026vRcXvdC=\u0026vRl=\u0026ztSINr=RXczv\u0026eobd=\u0026eoac=RvYbkNvbY\u0026ure=1#vgd_sc=03\u0026acl=\u0026aclp=\u0026cl=\u0026clp=\u0026hvsid=00001772490704019015326356484667\u0026l2type=dmola\u0026lp=%7B%22ppvi%22%3A%222152003630393433517%22%2C%22wlstp%22%3A%220%22%7D\u0026matchstring=\u0026pvl=%7B%22nmerr%22%3A%221%22%7D\u0026pvlp=\u0026sbdrId=\u0026verid=\u0026acid=undefined\u0026mprpslog=zBs8rKcR1P4MquCSH8f8kIX1sPGVb7qSTcKFw7T97wwJJYebyecQ0bmkIOrtfOOA8f2rGoSaj6UfqqwJGopgut_UMy-bHzCaMekYF5w7efsgJNJMVwOSrLJQ85u8IRyHmtKKGmC1UFCjP_6tcf9s_wyGUH3nV5ByP02yHU012iTWru8iDREb7_Wq89WvwU5hx2LaQ2FS5Vs%3D\u0026tchkpts=%7B%22prel2%22%3A1772490704258%7D\u0026stime=1772490704258\u0026l3d=%257B%2522l2host%2522%253A%2522https%253A%252F%252Frealtimesearchresults.com%252Fsr%252F754870121%252FSAFEFRAME.html%253F-_1o%253D%25261~1o%253D4%25266GO%253DEK5ewwy9I9ytItqKvvVV6KKww%25252F8ve8tKe8y%25266oO3%253D%25266oOa%253D%25266og%253D%25266ojp61c%253D%25266zTt%253D%2526B_cSGGSVJz%253D%2526Bo~zI%253D%2526Bzxz%253D%2526G1o%253D%252521T2X4kqWF%2526GG%253D8m%2526GI1o%253D%252521P%252521.3.4HX%2526GOz1o%253D%2526GUcpa%253Dj~gPS1cOG%2526GUcpq%253DHEm3.fHPk%2526Gog%253DmakHH%2526IVetIx%253DUOOz%25253A%25252F%25252Fxj~O1cjyy~O%25252AGx1Gd%2526O~GV%253D033.X%2526Qx~Oz%253D4%2526Q~Uz%253D4%2526UOOz~%253D3%2526VGI1o%253D%2526_1o%253D%2526_6V%253D%2526_V%253D4%2526_oI5o%253D%2526cOg%253D%2526cpVII%253D3%2526dQIy%253D%2526do%253D%2526g1%253D3kkaPH4k4Pq.%252521qXXa3X%2526htmlsrc%253D1%2526j1o%253DP.Pa66yGCaPkGCPG3aC6.GHC3ka3ykP344V6%2526jx6y%253DjcV%2526kkdd%253Duu%25257C%252521%25257CnAH%25252A39uWh%2526oVGppp%253D%2526p~z6%253D4%2526tpid%253D%2526two%253DP%2526t~zVcy%253D4%2526wozI%253D3%2526wozIGc~O%253D%2526xaOBzV%253Dopjx6%2526z1o%253D%2526~1vV%253D33.PJX%252521H%2526~G%253D4q%2526~_oI5o%253D%2526~~xo%253D%25257B%252522~~GG%252522%25253A%2525228m%252522%25252C%252522~~GOB%252522%25253A%252522j~xj%252522%25252C%252522~~1z%252522%25253A%252522%252522%25252C%252522~~~G%252522%25253A%2525224q%252522%25257D%2522%252C%2522be%2522%253A%25220%2522%252C%2522nmerr%2522%253A%25221%2522%257D\u0026infr=1\u0026twna=1","date":"2026-03-02T22:31:46.212Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn-fileserver.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 28 Jan 2026 16:34:52 GMT","end":"Tue, 28 Apr 2026 17:33:19 GMT"},"fingerprint":{"sha1":"F3:1F:AE:F5:F8:55:3C:E0:73:9D:53:9F:50:2C:79:55:B2:A1:33:D1","sha256":"50:7A:11:63:E8:59:A1:60:B9:7A:1C:11:46:F4:E5:9E:5A:10:E9:46:AD:96:82:92:F4:32:FE:23:EC:45:AC:B9"}}},"request":{"raw":"GET /bqi.php?vgd_len=1732\u0026\u0026vgd_aref=0\u0026vgd_tsce=L1156-S1156\u0026vgd_l2type=dmola\u0026vgd_ydspr=0\u0026vgd_cdv=O2799\u0026vgd_cage=3\u0026vgd_pgids=0\u0026vgd_pdtid=1\u0026vgd_oreqf=one\u0026vgd_oresf=one\u0026lf=3\u0026prid=8PR11258V\u0026cid=8CU6073RK\u0026crid=848515096\u0026requrl=http%3A%2F%2Flostinoffst.click\u0026vi=1772490704358366216\u0026ugd=4\u0026cc=NO\u0026sc=03\u0026gdpr=1\u0026vgd_acid=undefined\u0026hvsid=00001772490704019015326356484667\u0026cme=HJWsfYh0TPtixth3spqoyeS1RW0ZA_z60S3-_Z40xbvDaSS6jhIh7a80HOI5nGQkZRiyAuJgh1MYxaudJ9pjsGFydzzjKhZbWRzgLipZxZTJ90IsD_rwNLxyRoRojiT05N99BaoOQLzlIZstZXmZ7C-_Al-bkQA60dQdlB-NudFMEIDp5ZKVYKuPEx0uJ9wEyN7r-9YfAXkKYayc-l-E2Jf7xy1vsC3JrtSQDJbwqi8Y-X7NPpmJ45Mb0LLUAvaJyFtCv1mE3MU%3D%7C%7CWtJPvijWHRsfBv4nOZN-Vs0s0qvvEfG0%7CxDcVMoSqRIQJ2LACjYs2XSj_UvaHtlLvpecl2zfSMFmuy9bhklg-dw%3D%3D%7Cb8KlCmE6kTENKxSBIehsQLbXBNKeHPZV%7C4Nxvvts4d3lLR-Fmi_R_9rocpWzwbiBISGOnzxmcpj2KnIO4mF6NwFmMtsIq3cOaTj13vbnAeSaxiERBoPWqbS5G9bu5CQujsoYvtsf8E6PYJHfmYrY_ILGqqzCcmdrSq7Ep_jlfANpCcb8nkGs4iN7L0X5sF4m7CPTqDkYAY-rshJKY8e5W0KbrMSaaeuZ3KyEJYviRV5fbfqDSN7D6Vyq6JF1eYW2NcHhYs8UcBNlDeQ8t2Iqxpa2OwH8vJdHGQuvQWiJHxZDRO6oadDE28HPGsWERjT8_3idiYuLPdcFxBZ8TCa4TeRatILnTwQt2lwfsbEmKFEW6yetUIlb1Skei2QMLMx8nsZEohKxCjXLuYgMtI_glW9GzxgziU6B8Mjw-PvvqRTlxse5dFrGdQJmKj6JuriNN3gGCocdGopzIk3OL_bwfhARMmgF0ZVmdMhE6Dmm6xpZHg8HjtmeqquiNnU7cLNGjVUl2LzlIW59H2yr3SZXHarKpvnUbtwWGTEWTYnGLeE-SS4m9XIMUwO3zJRt8o-5RY1oUXUoFNlF7ogVg2XG91xtQ2L43Nq1Qt5R-1quDjR4puUJRpwt4sgZk7o3difGbdQ_scwgiTIgzb-_vaVVmDHOto3GUA6CsbfztaVoqjbN-H_BoDUjVVV0IoIg2ItiAK-e5KD_BAHKfQ_5OG8NWVDOf01v6lvSqoCfuyjpKIAJnvr_QzAefqgLTRuwYVaEP%7CWOR44ZnjshyX0FEZj6c52uG8KGTsvju_%7C\u0026fp=3j2Ei1-yRY7s742U9f0nGbX-YwUu4QZ2q9lSECqeJfZehvfUckKyt0RlOd-eaNRwwzLzzCr7sBNuIoOc9jk9nOMHCwU-wh8x2RxpsUFS6n_g0tfg-Mjcb1PH7hzXaBSAIHPVbK2bv1aywiB0Yo26BQ%3D%3D\u0026vgd_rensize=1280_1024\u0026vgd_end=1 HTTP/1.1\r\nHost: l.cdn-fileserver.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://realtimesearchresults.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 02 Mar 2026 22:31:46 GMT\r\ncontent-type: text/javascript\r\naccept-ch: Sec-CH-UA-Full-Version-List, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: *\r\ncache-control: max-age=0, no-cache, no-store\r\nexpires: Sun, 01 Mar 2026 22:31:46 GMT\r\npragma: no-cache\r\nvia: 1.1 google\r\nstrict-transport-security: max-age=63072000\r\nalt-svc: h3=\":443\"; ma=86400\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ayaVTb8zrmgZprSG7kSSAciW4VDiDZE59GyjJocwHbqN9MBLavIvuNMwPfmBdClv1ftETYv2BSkFc2hcbTDqlc0rnZKp07lvkCOanFyl8rHoRKb%2B\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nserver: cloudflare\r\ncf-ray: 9d63da81ce2dc759-OSL\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Cloud","description":"Google Cloud is a suite of cloud computing services.","website":"https://cloud.google.com","common_platform_enumeration":"cpe:2.3:a:google:cloud_platform:*:*:*:*:*:*:*:*","icon":"Google Cloud.svg","categories":["IaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Google Cloud CDN","description":"Cloud CDN uses Google's global edge network to serve content closer to users.","website":"https://cloud.google.com/cdn","common_platform_enumeration":"","icon":"google-cloud-cdn.svg","categories":["CDN"]}],"data":{"size":15,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text, with no line terminators","md5":"2ba5e95642c652c708881ad3c9d8443f","sha1":"5bfcc33bb9cc897546c600206b03d1307bd63a94","sha256":"c787e9dd6dc8ea3c935f5f0f30e3b9e4a3e066b4619bb244f569883f8e318a24","sha512":"8c157fc41fd03bbd47633269b18effb652644e58284f8f85465b0ffba9b5a06544a03ed0655706c96edfa09a64f4f164f6bbc573ac5045000cae03c8b36d046f","ssdeep":"","tlshash":"7e600000000cc030030f0c00c3000300303000c000000c33000f30cc000000c00fc303","first_seen":"2025-03-08T00:25:13.560069Z","last_seen":"2026-04-04T14:48:36.492832Z","times_seen":141672,"resource_available":true,"data":null}},"time_used":131,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":131,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"l.cdn-fileserver.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"obseu.blueridgeloop.com/mon","fqdn":"obseu.blueridgeloop.com","domain":"blueridgeloop.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://ww38.lostinoffst.click/","date":"2026-03-02T22:31:47.144Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.blueridgeloop.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 29 Jan 2026 00:00:00 GMT","end":"Wed, 29 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F0:B4:9E:AB:EC:F1:B1:6E:FC:2F:30:44:A7:59:88:02:56:5A:C9:DE","sha256":"9E:F1:FB:78:7A:CB:8E:2E:8E:82:6B:A7:84:5B:3B:FC:89:B5:F5:3B:33:6A:29:2F:A5:BF:8E:80:6B:97:FF:E5"}}},"request":{"raw":"POST /mon HTTP/1.1\r\nHost: obseu.blueridgeloop.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 1708\r\nOrigin: http://ww38.lostinoffst.click\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww38.lostinoffst.click/\r\nCookie: cg_uuid=11217fc1f636366030d46fa5fb7c1cb1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1708,"data":"e=37dfbd8ee84e00126decc33cea408a999225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d57138d642f17071a10acf9f29f6748838188007a6c1aa87e7402843dd962c404640125c503050967030cc7ed394e77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c2c4124510cf38b2f627852a5fb4f2f8afea67b98b60a7a4c7df9a3f4c1cd25e8cfc248b5038e523d65cceb92a9e471d280f061856b4a95b9c3330751b06267b6cc4b27aa81a52bd950bc02acd7449b1c90d06dd82a61c38b2dd9798290bda2ccb0bd0b20f72fb6b9f2354367aed971eecb50af571413dd5f469795808899aacb70d82dd499a5987ffe3c2374c4366b959ed11667f3ee628d06e9980fd935a45952485bcb76f14dd0c4ba74bd842ecc11ebcf849b6bce170468fe7f1a58794568ecaa23ec059b8cc964a19e44f39b2bd694c2f83dd7f0a81f283e98e71e1ce2e45b0852aea2b47ab93b98e240f2e326b560bd329357c809d1aa3cdb0720e5af8e7b383e641f370d5c16c7fd9e38975be357445128e6b548d89a1c05febfdfb9a233c389b28ff080aa840d0e558316d5cb4b7291002042837157636de87aa8711bc6e2c1648a63c97ef9fc51b4ec70e4255a662053394ec6d2f8c9783e0cce0a4f87d2c7bab7cd510197b0ba7d95d1213ddedb653a37f8e8a82360fd59e3378d06f17ddb44c9c27895a620a0dfd1c092477efdb46a27d30af9dee1ef4fc332564352cd371d42bba1439db841888b91c954cd858f2f1c771aef2fa104b647f2dc3cd4204920413a7f77fd48cedc7147b36fdcb5aa768a9e5f86746fbd4e3f7fcaaac30047ef73fd92028544624258b63a2c82afd068d74567ccd001abdec1edd101c857502216f2733940ded4551aa836b9bb9d7193c1b45d4f76b06e281a49\u0026cri=K5wphmZFgP\u0026sf=0\u0026dc=\u0026cp=3\u0026gtm=-\u0026gac=-\u0026uvid=a4d11dc99a373a3a7bf8cf2c4c5eae5723b19558\u0026tb=1\u0026ich=0\u0026ws=1280x1024\u0026wos=1280x1024\u0026ver=13\u0026fi=\u0026ti=3005\u0026mo=0\u0026pn=3963\u0026spn=958\u0026fp=476\u0026snt=1"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: http://ww38.lostinoffst.click\r\ncontent-type: application/json\r\ndate: Mon, 02 Mar 2026 22:31:47 GMT\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T14:49:32.922678Z","times_seen":13335470,"resource_available":true,"data":null}},"time_used":36,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"obseu.blueridgeloop.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"obseu.blueridgeloop.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"obseu.blueridgeloop.com/mon","fqdn":"obseu.blueridgeloop.com","domain":"blueridgeloop.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://ww38.lostinoffst.click/","date":"2026-03-02T22:31:54.153Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.blueridgeloop.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 29 Jan 2026 00:00:00 GMT","end":"Wed, 29 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F0:B4:9E:AB:EC:F1:B1:6E:FC:2F:30:44:A7:59:88:02:56:5A:C9:DE","sha256":"9E:F1:FB:78:7A:CB:8E:2E:8E:82:6B:A7:84:5B:3B:FC:89:B5:F5:3B:33:6A:29:2F:A5:BF:8E:80:6B:97:FF:E5"}}},"request":{"raw":"POST /mon HTTP/1.1\r\nHost: obseu.blueridgeloop.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 1711\r\nOrigin: http://ww38.lostinoffst.click\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww38.lostinoffst.click/\r\nCookie: cg_uuid=11217fc1f636366030d46fa5fb7c1cb1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":1711,"data":"e=37dfbd8ee84e00126decc33cea408a999225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d57138d642f17071a10acf9f29f6748838188007a6c1aa87e7402843dd962c404640125c503050967030cc7ed394e77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c2c4124510cf38b2f627852a5fb4f2f8afea67b98b60a7a4c7df9a3f4c1cd25e8cfc248b5038e523d65cceb92a9e471d280f061856b4a95b9c3330751b06267b6cc4b27aa81a52bd950bc02acd7449b1c90d06dd82a61c38b2dd9798290bda2ccb0bd0b20f72fb6b9f2354367aed971eecb50af571413dd5f469795808899aacb70d82dd499a5987ffe3c2374c4366b959ed11667f3ee628d06e9980fd935a45952485bcb76f14dd0c4ba74bd842ecc11ebcf849b6bce170468fe7f1a58794568ecaa23ec059b8cc964a19e44f39b2bd694c2f83dd7f0a81f283e98e71e1ce2e45b0852aea2b47ab93b98e240f2e326b560bd329357c809d1aa3cdb0720e5af8e7b383e641f370d5c16c7fd9e38975be357445128e6b548d89a1c05febfdfb9a233c389b28ff080aa840d0e558316d5cb4b7291002042837157636de87aa8711bc6e2c1648a63c97ef9fc51b4ec70e4255a662053394ec6d2f8c9783e0cce0a4f87d2c7bab7cd510197b0ba7d95d1213ddedb653a37f8e8a82360fd59e3378d06f17ddb44c9c27895a620a0dfd1c092477efdb46a27d30af9dee1ef4fc332564352cd371d42bba1439db841888b91c954cd858f2f1c771aef2fa104b647f2dc3cd4204920413a7f77fd48cedc7147b36fdcb5aa768a9e5f86746fbd4e3f7fcaaac30047ef73fd92028544624258b63a2c82afd068d74567ccd001abdec1edd101c857502216f2733940ded4551aa836b9bb9d7193c1b45d4f76b06e281a49\u0026cri=K5wphmZFgP\u0026sf=0\u0026dc=\u0026cp=10\u0026gtm=-\u0026gac=-\u0026uvid=a4d11dc99a373a3a7bf8cf2c4c5eae5723b19558\u0026tb=1\u0026ich=0\u0026ws=1280x1024\u0026wos=1280x1024\u0026ver=13\u0026fi=\u0026ti=10012\u0026mo=0\u0026pn=10971\u0026spn=958\u0026fp=476\u0026snt=1"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: http://ww38.lostinoffst.click\r\ncontent-type: application/json\r\ndate: Mon, 02 Mar 2026 22:31:54 GMT\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T14:49:32.922678Z","times_seen":13335470,"resource_available":true,"data":null}},"time_used":35,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"obseu.blueridgeloop.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"obseu.blueridgeloop.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"lostinoffst.click/js/fingerprint/iife.min.js","fqdn":"lostinoffst.click","domain":"lostinoffst.click","tld":"click"},"ip":{"addr":"103.224.182.212","port":443,"asn":133618,"as":"Trellian Pty. Limited","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://lostinoffst.click/","date":"2026-03-02T22:31:38.681Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"blueberry-lesite.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 09 Jan 2026 05:25:31 GMT","end":"Thu, 09 Apr 2026 05:25:30 GMT"},"fingerprint":{"sha1":"D7:5A:27:C0:ED:E6:FD:EC:07:DD:E6:F9:60:DB:93:8F:7D:EA:19:E3","sha256":"B4:74:D1:A1:30:2D:30:8B:1F:26:67:0F:17:D8:F4:FF:B2:EE:3D:DD:5E:36:5D:0E:19:D8:DD:73:4B:6B:A2:5B"}}},"request":{"raw":"GET /js/fingerprint/iife.min.js HTTP/1.1\r\nHost: lostinoffst.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://lostinoffst.click/\r\nCookie: __tad=1772490698.1196492\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\ndate: Mon, 02 Mar 2026 22:31:39 GMT\r\nserver: Apache\r\nlast-modified: Mon, 28 Apr 2025 06:31:27 GMT\r\netag: \"85c0-633d0d56a6dc0\"\r\naccept-ranges: bytes\r\ncontent-length: 34240\r\ncontent-type: text/javascript\r\nconnection: close\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Apache HTTP Server","description":"Apache is a free and open-source cross-platform web server software.","website":"https://httpd.apache.org/","common_platform_enumeration":"cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*","icon":"Apache.svg","categories":["Web servers"]}],"data":{"size":34240,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (33896), with CRLF line terminators","md5":"63f9fd621d1fbd53b7c5856e58c11ccd","sha1":"a46973c2fbdbfeb159e0d717a90f88307e274012","sha256":"c6bc28686490aba34a53ab3b709afa1fd73c21e60feb25608b09f23efe170089","sha512":"d4df433c7368ec078fbc473398a4ab21e6da20950ac4db34338623296887db40320b05b9bde6130e43d2b55c82b81a56b60bab0d6a4c97df54a0cb7a8f09325b","ssdeep":"384:XhQYTcHRx9vfQxcuK83ERxXYxMvtTpIBNwBUZXLew5gc+RW7+5ERNFaqE8E0QI+V:XSbHRTArOGSoyISuNwxJzZbPePKe9y","tlshash":"6cf207d8b2c3b02d227378ba497f6006b63abd55641c4803d57be5c178a4e5a813bfb8","first_seen":"2023-05-01T16:20:27Z","last_seen":"2026-04-04T14:49:50.4723Z","times_seen":35218,"resource_available":true,"data":null}},"time_used":1025,"timings":{"blocked":352,"dns":1,"connect":159,"send":0,"wait":160,"receive":160,"ssl":189},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lostinoffst.click/favicon.ico","fqdn":"lostinoffst.click","domain":"lostinoffst.click","tld":"click"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://lostinoffst.click/","date":"2026-03-02T22:31:39.386Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"blueberry-lesite.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 09 Jan 2026 05:25:31 GMT","end":"Thu, 09 Apr 2026 05:25:30 GMT"},"fingerprint":{"sha1":"D7:5A:27:C0:ED:E6:FD:EC:07:DD:E6:F9:60:DB:93:8F:7D:EA:19:E3","sha256":"B4:74:D1:A1:30:2D:30:8B:1F:26:67:0F:17:D8:F4:FF:B2:EE:3D:DD:5E:36:5D:0E:19:D8:DD:73:4B:6B:A2:5B"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: lostinoffst.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://lostinoffst.click/\r\nCookie: __tad=1772490698.1196492\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T14:49:32.922678Z","times_seen":13335470,"resource_available":true,"data":null}},"time_used":333,"timings":{"blocked":0,"dns":1,"connect":156,"send":0,"wait":0,"receive":0,"ssl":175},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww38.lostinoffst.click/","fqdn":"ww38.lostinoffst.click","domain":"lostinoffst.click","tld":"click"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-03-02T22:31:43.193Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: ww38.lostinoffst.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 02 Mar 2026 22:31:43 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccept-Ch: viewport-width, dpr, device-memory, rtt, downlink, ect, ua, ua-full-version, ua-platform, ua-platform-version, ua-arch, ua-model, ua-mobile\r\nAccept-Ch-Lifetime: 30\r\nContent-Encoding: gzip\r\nVary: Accept-Encoding\r\nVia: 0.0 Caddy\r\nX-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBALquDFETXRn0Hr05fUP7EJT77xYnPmRbpMy4vk8KYiHnkNpednjOANJcaXDXcKQJN0nXKZJL7TciJD8AoHXK158CAwEAAQ==_NwAskh/IyFI9EOwIoC3P+jcqitVgDxQbfoT7po+l/L+3MXFTIrF6PmYSTvC6H0dePDM7bknlevKplHO+7NJx0Q==\r\nX-Domain: lostinoffst.click\r\nX-Pcrew-Blocked-Reason: hosting network\r\nX-Pcrew-Ip-Organization: Blix Solutions\r\nX-Redirect: skenzo\r\nX-Subdomain: ww38\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15521,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (448)","md5":"e7f2666c8c7b435c1e66d570a154c7a5","sha1":"93503075d3db890fe1781ed0bcea23ffc3cdd423","sha256":"7bd659bf0f7540cef624c59bc7f2f148858b5909bf34b79342f295753ae5355f","sha512":"451c9d26ae79b63cc87b0ba2d1c75d106426eac79d1ebac42804a355c0a9d965e9bab0f2edb454eb67f311a0a6f3630ce9c3af9143eb0bb90f299d7c98dca611","ssdeep":"192:oR8pKfsTxcYoHSiF57zA5GYJFTOJdt+/eL70llYMw8YoHsfOBro2Tc/91hy:oexcYoHSiF57no/1YoHsfO2/E","tlshash":"7a62b8436be31519b11b80a98f9aa74532289107d60fcd6cfaec77a8df4c1d461a3bdc","first_seen":"2026-03-02T22:32:04.771521Z","last_seen":"2026-03-02T22:32:04.771521Z","times_seen":1,"resource_available":true,"data":null}},"time_used":426,"timings":{"blocked":103,"dns":0,"connect":102,"send":0,"wait":219,"receive":1,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-02T22:31:43Z","timestamp":1772490703,"ip_dst":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.20","port":54244,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-03-02T22:31:43.513729+0000\",\"flow_id\":957445112328368,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.20\",\"src_port\":54244,\"dest_ip\":\"185.53.179.200\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"ww38.lostinoffst.click\",\"url\":\"/\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":542},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":4,\"pkts_toclient\":8,\"bytes_toserver\":643,\"bytes_toclient\":6306,\"start\":\"2026-03-02T22:31:43.192688+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"euob.blueridgeloop.com/sxp/i/636f8b858f681acb7bfa6f583a96630a.js","fqdn":"euob.blueridgeloop.com","domain":"blueridgeloop.com","tld":"com"},"ip":{"addr":"3.167.2.93","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"http://ww38.lostinoffst.click/","date":"2026-03-02T22:31:43.635Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.blueridgeloop.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Thu, 29 Jan 2026 00:00:00 GMT","end":"Sat, 27 Feb 2027 23:59:59 GMT"},"fingerprint":{"sha1":"05:97:29:04:D9:F8:31:93:99:22:D9:08:4A:1C:65:C8:19:CB:AC:90","sha256":"A5:6D:2D:83:5F:E4:A1:BC:A9:39:33:E6:14:53:D6:A4:92:CB:1E:56:BA:00:51:55:34:2C:D1:87:DE:42:A3:B3"}}},"request":{"raw":"GET /sxp/i/636f8b858f681acb7bfa6f583a96630a.js HTTP/1.1\r\nHost: euob.blueridgeloop.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww38.lostinoffst.click/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript; charset=utf-8\r\ncontent-length: 44765\r\ncontent-encoding: gzip\r\nserver: Caddy\r\ncache-control: max-age=43200\r\ndate: Mon, 02 Mar 2026 16:52:03 GMT\r\nexpires: Tue, 03 Mar 2026 04:52:03 GMT\r\netag: \"1d8a0-xJCiqv8OEmkhaxNW1S2LJ8xJiQM\"\r\nvary: accept-encoding\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 94fbdabfcc07b91a0e8ffbb741347df8.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P2\r\nx-amz-cf-id: D-tjbGh7G2e0D0SW8m1GdytQOm1bWmPI9OK31c7tYflrj2gqkKL1zw==\r\nage: 20380\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Caddy","description":"","website":"https://caddyserver.com","common_platform_enumeration":"cpe:2.3:a:caddyserver:caddy:*:*:*:*:*:*:*:*","icon":"caddy.svg","categories":["Web servers"]}],"data":{"size":120992,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"data","md5":"249560d748450919cd43298e4ae19bdc","sha1":"c490a2aaff0e1269216b1356d52d8b27cc498903","sha256":"dc936fd40d884f0f4dce82fe8b871b351afda841e8ea6bc9dcfb2d80cdf82632","sha512":"0b58bf1974c6b8fbb3ec5fd7db15ba3b632e65ca3d0dd7573b18da398df89137fa4034d7877b7c045298cbeabf14b1269899ddb25c30e734c5f4cc91f2e8a6be","ssdeep":"1536:5wxRb5bdwL+plFz9FSUsqLonLNYgetcVPkx2cnYteolbFr3rd6TcWmuZUfFi8AiM:5ma+xzkVP9ftrdruZ5QZ3faA8rv","tlshash":"9dc3c6ddb2e27025439324a5157f410ae27b2e553c4b8290d17ee9d4ac7ce8e817bfac","first_seen":"2026-03-01T16:53:40.617471Z","last_seen":"2026-03-04T09:50:39.913423Z","times_seen":718,"resource_available":true,"data":null}},"time_used":23,"timings":{"blocked":9,"dns":1,"connect":1,"send":0,"wait":1,"receive":2,"ssl":7},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"euob.blueridgeloop.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"ww38.lostinoffst.click/chronos?dune=eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.qlq2z3KaJdnZPIFx8XNQDgY9ASjVPvqXD52U9xcNitMwISSzpDjGng.7THuF_tKXI2g4PVjkiSU6g.W4ngBuIoLl2kNwWkd0Xppb7wNrn6sXDOqQqniQOMxznRB1W1d_4ilYVjTYZ56M4U1wjuAmdSswZhb1FlwjVOZvVMWpAGgCmNRbAP_xMigkqpES6ODZxW8xpE85Tqa1JNektLmdyyuSw-sYu6ZA2m5GlW2oOHH9RPFRug3qIO8MrIhEg65MatzRy8t-NZq1PeZ_ege7eBp3kCfx4SuPyyiQ.yzkgPsQwjWs0hvAmYF70dQ\u0026t=69a60fcf\u0026token=a4d11dc99a373a3a7bf8cf2c4c5eae5723b19558","fqdn":"ww38.lostinoffst.click","domain":"lostinoffst.click","tld":"click"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"http://ww38.lostinoffst.click/","date":"2026-03-02T22:31:43.644Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /chronos?dune=eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.qlq2z3KaJdnZPIFx8XNQDgY9ASjVPvqXD52U9xcNitMwISSzpDjGng.7THuF_tKXI2g4PVjkiSU6g.W4ngBuIoLl2kNwWkd0Xppb7wNrn6sXDOqQqniQOMxznRB1W1d_4ilYVjTYZ56M4U1wjuAmdSswZhb1FlwjVOZvVMWpAGgCmNRbAP_xMigkqpES6ODZxW8xpE85Tqa1JNektLmdyyuSw-sYu6ZA2m5GlW2oOHH9RPFRug3qIO8MrIhEg65MatzRy8t-NZq1PeZ_ege7eBp3kCfx4SuPyyiQ.yzkgPsQwjWs0hvAmYF70dQ\u0026t=69a60fcf\u0026token=a4d11dc99a373a3a7bf8cf2c4c5eae5723b19558 HTTP/1.1\r\nHost: ww38.lostinoffst.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://ww38.lostinoffst.click/\r\nDNT: 1\r\nConnection: keep-alive\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 403 Forbidden\r\nServer: nginx\r\nDate: Mon, 02 Mar 2026 22:31:43 GMT\r\nContent-Type: text/html\r\nContent-Length: 146\r\nConnection: keep-alive\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"9fe3cb2b7313dc79bb477bc8fde184a7","sha1":"4d7b3cb41e90618358d0ee066c45c76227a13747","sha256":"32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864","sha512":"c54ad4f5292784e50b4830a8210b0d4d4ee08b803f4975c9859e637d483b3af38cb0436ac501dea0c73867b1a2c41b39ef2c27dc3fb20f3f27519b719ea743db","ssdeep":"","tlshash":"2cc08c26351e2c0c96a322b402c36a50d092c3304c5a19004600420371c31168ac3315","first_seen":"2023-04-05T07:27:09Z","last_seen":"2026-04-04T14:48:36.500255Z","times_seen":75482,"resource_available":true,"data":null}},"time_used":103,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":103,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-02T22:31:43Z","timestamp":1772490703,"ip_dst":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.20","port":54244,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-03-02T22:31:43.745838+0000\",\"flow_id\":957445112328368,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.20\",\"src_port\":54244,\"dest_ip\":\"185.53.179.200\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":1,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"ww38.lostinoffst.click\",\"url\":\"/chronos?dune=eyJhbGciOiJBMTI4S1ciLCJlbmMiOiJBMTI4Q0JDLUhTMjU2In0.qlq2z3KaJdnZPIFx8XNQDgY9ASjVPvqXD52U9xcNitMwISSzpDjGng.7THuF_tKXI2g4PVjkiSU6g.W4ngBuIoLl2kNwWkd0Xppb7wNrn6sXDOqQqniQOMxznRB1W1d_4ilYVjTYZ56M4U1wjuAmdSswZhb1FlwjVOZvVMWpAGgCmNRbAP_xMigkqpES6ODZxW8xpE85Tqa1JNektLmdyyuSw-sYu6ZA2m5GlW2oOHH9RPFRug3qIO8MrIhEg65MatzRy8t-NZq1PeZ_ege7eBp3kCfx4SuPyyiQ.yzkgPsQwjWs0hvAmYF70dQ\u0026t=69a60fcf\u0026token=a4d11dc99a373a3a7bf8cf2c4c5eae5723b19558\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"text/html\",\"http_refer\":\"http://ww38.lostinoffst.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":403,\"length\":146},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":10,\"pkts_toclient\":10,\"bytes_toserver\":1741,\"bytes_toclient\":6708,\"start\":\"2026-03-02T22:31:43.192688+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"http","addr":"ww38.lostinoffst.click/favicon.ico","fqdn":"ww38.lostinoffst.click","domain":"lostinoffst.click","tld":"click"},"ip":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://ww38.lostinoffst.click/","date":"2026-03-02T22:31:43.754Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: ww38.lostinoffst.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww38.lostinoffst.click/\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx\r\nDate: Mon, 02 Mar 2026 22:31:43 GMT\r\nContent-Type: image/x-icon\r\nContent-Length: 0\r\nLast-Modified: Wed, 11 Sep 2024 11:38:26 GMT\r\nConnection: keep-alive\r\nETag: \"66e18132-0\"\r\nAccept-Ranges: bytes\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/x-icon","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T14:49:32.922678Z","times_seen":13335470,"resource_available":true,"data":null}},"time_used":102,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":102,"receive":0,"ssl":0},"alerts":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-03-02T22:31:43Z","timestamp":1772490703,"ip_dst":{"addr":"185.53.179.200","port":80,"asn":61969,"as":"Team Internet AG","country":"Germany","country_code":"DE"},"ip_src":{"addr":"172.18.0.20","port":54244,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ETPRO INFO HTTP Request to a *.click domain","source":"{\"timestamp\":\"2026-03-02T22:31:43.895585+0000\",\"flow_id\":957445112328368,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.20\",\"src_port\":54244,\"dest_ip\":\"185.53.179.200\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"ET.SuspExeTLDs\"]},\"tx_id\":2,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2858675,\"rev\":1,\"signature\":\"ETPRO INFO HTTP Request to a *.click domain\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2024_10_10\"],\"signature_severity\":[\"Informational\"],\"tag\":[\"Description_Generated_By_Proofpoint_Nexus\"],\"updated_at\":[\"2024_10_10\"]}},\"http\":{\"hostname\":\"ww38.lostinoffst.click\",\"url\":\"/favicon.ico\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_content_type\":\"image/x-icon\",\"http_refer\":\"http://ww38.lostinoffst.click/\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"status\":200,\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":12,\"pkts_toclient\":11,\"bytes_toserver\":2218,\"bytes_toclient\":6992,\"start\":\"2026-03-02T22:31:43.192688+0000\"}}"}],"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"obseu.blueridgeloop.com/tracker/tc_imp.gif?e=37dfbd8ee84e00126decc33cea408a999225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d57138d642f17071a10acf9f29f6748838188007a6c1aa87e7402843dd962c404640125c503050967030cc7ed394e77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c2c4124510cf38b2f627852a5fb4f2f8afea67b98b60a7a4c7df9a3f4c1cd25e8cfc248b5038e523d65cceb92a9e471d280f061856b4a95b9c3330751b06267b6cc4b27aa81a52bd950bc02acd7449b1c90d06dd82a61c38b2dd9798290bda2ccb0bd0b20f72fb6b9f2354367aed971eecb50af571413dd5f469795808899aacb70d82dd499a5987ffe3c2374c4366b959ed11667f3ee628d06e9980fd935a45952485bcb76f14dd0c4ba74bd842ecc11ebcf849b6bce170468fe7f1a58794568ecaa23ec059b8cc964a19e44f39b2bd694c2f83dd7f0a81f283e98e71e1ce2e45b0852aea2b47ab93b98e240f2e326b560bd329357c809d1aa3cdb0720e5af8e7b383e641f370d5c16c7fd9e38975be357445128e6b548d89a1c05febfdfb9a233c389b28ff080aa840d0e558316d5cb4b7291002042837157636de87aa8711bc6e2c1648a63c97ef9fc51b4ec70e4255a662053394ec6d2f8c9783e0cce0a4f87d2c7bab7cd510197b0ba7d95d1213ddedb653a37f8e8a82360fd59e3378d06f17ddb44c9c27895a620a0dfd1c092477efdb46a27d30af9dee1ef4fc332564352cd371d42bba1439db841888b91c954cd858f2f1c771aef2fa104b647f2dc3cd4204920413a7f77fd48cedc7147b36fdcb5aa768a9e5f86746fbd4e3f7fcaaac30047ef73fd92028544624258b63a2c82afd068d74567ccd001abdec1edd101c857502216f2733940ded4551aa836b9bb9d7193c1b45d4f76b06e281a18dd4e139fd99c444ec339288dc0954b9f85e68c0c6f\u0026cri=K5wphmZFgP\u0026ts=213\u0026cb=1772490704141","fqdn":"obseu.blueridgeloop.com","domain":"blueridgeloop.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"img","requested_by":"http://ww38.lostinoffst.click/","date":"2026-03-02T22:31:44.153Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.blueridgeloop.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 29 Jan 2026 00:00:00 GMT","end":"Wed, 29 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F0:B4:9E:AB:EC:F1:B1:6E:FC:2F:30:44:A7:59:88:02:56:5A:C9:DE","sha256":"9E:F1:FB:78:7A:CB:8E:2E:8E:82:6B:A7:84:5B:3B:FC:89:B5:F5:3B:33:6A:29:2F:A5:BF:8E:80:6B:97:FF:E5"}}},"request":{"raw":"GET /tracker/tc_imp.gif?e=37dfbd8ee84e00126decc33cea408a999225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d57138d642f17071a10acf9f29f6748838188007a6c1aa87e7402843dd962c404640125c503050967030cc7ed394e77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c2c4124510cf38b2f627852a5fb4f2f8afea67b98b60a7a4c7df9a3f4c1cd25e8cfc248b5038e523d65cceb92a9e471d280f061856b4a95b9c3330751b06267b6cc4b27aa81a52bd950bc02acd7449b1c90d06dd82a61c38b2dd9798290bda2ccb0bd0b20f72fb6b9f2354367aed971eecb50af571413dd5f469795808899aacb70d82dd499a5987ffe3c2374c4366b959ed11667f3ee628d06e9980fd935a45952485bcb76f14dd0c4ba74bd842ecc11ebcf849b6bce170468fe7f1a58794568ecaa23ec059b8cc964a19e44f39b2bd694c2f83dd7f0a81f283e98e71e1ce2e45b0852aea2b47ab93b98e240f2e326b560bd329357c809d1aa3cdb0720e5af8e7b383e641f370d5c16c7fd9e38975be357445128e6b548d89a1c05febfdfb9a233c389b28ff080aa840d0e558316d5cb4b7291002042837157636de87aa8711bc6e2c1648a63c97ef9fc51b4ec70e4255a662053394ec6d2f8c9783e0cce0a4f87d2c7bab7cd510197b0ba7d95d1213ddedb653a37f8e8a82360fd59e3378d06f17ddb44c9c27895a620a0dfd1c092477efdb46a27d30af9dee1ef4fc332564352cd371d42bba1439db841888b91c954cd858f2f1c771aef2fa104b647f2dc3cd4204920413a7f77fd48cedc7147b36fdcb5aa768a9e5f86746fbd4e3f7fcaaac30047ef73fd92028544624258b63a2c82afd068d74567ccd001abdec1edd101c857502216f2733940ded4551aa836b9bb9d7193c1b45d4f76b06e281a18dd4e139fd99c444ec339288dc0954b9f85e68c0c6f\u0026cri=K5wphmZFgP\u0026ts=213\u0026cb=1772490704141 HTTP/1.1\r\nHost: obseu.blueridgeloop.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww38.lostinoffst.click/\r\nCookie: cg_uuid=11217fc1f636366030d46fa5fb7c1cb1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: no-cache, no-store, must-revalidate\r\ncontent-type: image/gif\r\ndate: Mon, 02 Mar 2026 22:31:44 GMT\r\nexpires: Fri, 01 Jan 1990 00:00:00 GMT\r\npragma: no-cache\r\ncontent-length: 43\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"db04c7b378cb2db912c3ba8a5a774ee3","sha1":"dee34bd86c3484d31002182aa2b7caa4699126b8","sha256":"98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a","sha512":"826225fc21717d8861a05b9d2f959539aad2d2b131b2afed75d88fbca535e1b0d5a0da8ac69713a0876a0d467848a37a0a7f926aeafad8cf28201382d16466ab","ssdeep":"","tlshash":"6490000bca888002caa2c0302b8883022b88b0320228832e80bc30a8ee3b3a20c02000","first_seen":"2023-04-05T02:54:03Z","last_seen":"2026-04-04T14:48:36.482324Z","times_seen":355741,"resource_available":true,"data":null}},"time_used":35,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"obseu.blueridgeloop.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"obseu.blueridgeloop.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"obseu.blueridgeloop.com/mon","fqdn":"obseu.blueridgeloop.com","domain":"blueridgeloop.com","tld":"com"},"ip":{"addr":"34.251.101.162","port":443,"asn":16509,"as":"AMAZON-02","country":"Ireland","country_code":"IE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"http://ww38.lostinoffst.click/","date":"2026-03-02T22:31:45.145Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.blueridgeloop.com","organization":""},"issuer":{"commonName":"ZeroSSL ECC Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Thu, 29 Jan 2026 00:00:00 GMT","end":"Wed, 29 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F0:B4:9E:AB:EC:F1:B1:6E:FC:2F:30:44:A7:59:88:02:56:5A:C9:DE","sha256":"9E:F1:FB:78:7A:CB:8E:2E:8E:82:6B:A7:84:5B:3B:FC:89:B5:F5:3B:33:6A:29:2F:A5:BF:8E:80:6B:97:FF:E5"}}},"request":{"raw":"POST /mon HTTP/1.1\r\nHost: obseu.blueridgeloop.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 2562\r\nOrigin: http://ww38.lostinoffst.click\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: http://ww38.lostinoffst.click/\r\nCookie: cg_uuid=11217fc1f636366030d46fa5fb7c1cb1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST","post_data":{"size":2562,"data":"e=37dfbd8ee84e00126decc33cea408a999225c24f567d43d6da1908be6245cad7bd70a976710ce60ed89373bfe70e9c20c1e53e8d57138d642f17071a10acf9f29f6748838188007a6c1aa87e7402843dd962c404640125c503050967030cc7ed394e77be26bb25cb43e29a3aee5b6fb2092f6410df57fe5aecd2948a7fe07f52a13ad2a24710d14e681f2d1586d31c64e56ac8bf88b71208fe59f1d329e921c46bcf40e25c7ea8290ee95c400027db0b68acdebff079ef64fd718940a8116e71b9d637793a7a589513d0df4ca65b7de792b226537a30ca946c75ca92560c2c4124510cf38b2f627852a5fb4f2f8afea67b98b60a7a4c7df9a3f4c1cd25e8cfc248b5038e523d65cceb92a9e471d280f061856b4a95b9c3330751b06267b6cc4b27aa81a52bd950bc02acd7449b1c90d06dd82a61c38b2dd9798290bda2ccb0bd0b20f72fb6b9f2354367aed971eecb50af571413dd5f469795808899aacb70d82dd499a5987ffe3c2374c4366b959ed11667f3ee628d06e9980fd935a45952485bcb76f14dd0c4ba74bd842ecc11ebcf849b6bce170468fe7f1a58794568ecaa23ec059b8cc964a19e44f39b2bd694c2f83dd7f0a81f283e98e71e1ce2e45b0852aea2b47ab93b98e240f2e326b560bd329357c809d1aa3cdb0720e5af8e7b383e641f370d5c16c7fd9e38975be357445128e6b548d89a1c05febfdfb9a233c389b28ff080aa840d0e558316d5cb4b7291002042837157636de87aa8711bc6e2c1648a63c97ef9fc51b4ec70e4255a662053394ec6d2f8c9783e0cce0a4f87d2c7bab7cd510197b0ba7d95d1213ddedb653a37f8e8a82360fd59e3378d06f17ddb44c9c27895a620a0dfd1c092477efdb46a27d30af9dee1ef4fc332564352cd371d42bba1439db841888b91c954cd858f2f1c771aef2fa104b647f2dc3cd4204920413a7f77fd48cedc7147b36fdcb5aa768a9e5f86746fbd4e3f7fcaaac30047ef73fd92028544624258b63a2c82afd068d74567ccd001abdec1edd101c857502216f2733940ded4551aa836b9bb9d7193c1b45d4f76b06e281a49\u0026cri=K5wphmZFgP\u0026sf=0\u0026dc=JCwoMCBXMCcnfScwJycwJ1Z7YHl5MCdWJCMkMCdWJicgJTAnViIsIzAnVi0jIzAnViIgLDAnVi0jIzAnViIgJzAnViUwJ1YgMCdWLCQmMCdWLCQmMCBRMyYkKDAiVzAnJ2IwJycwJlQkIicwJ1YwJyd9MCcnMCZUIScwJ1YwJyd3SjAnJzAmVCQmMCJRMyIkKDAiVzAnJ3x7djAnJzAmVCQwJ1YwJyd3SjAnJzAmVCUwIlEzJCEkKDAiVzAnJ2YwJycwJlQkMCdWMCcnd0owJycwJlQlMCJRMyQgLCgwIlcwJydwJTAnJzAmVDAnJ2M7cnBhV3RhYXBnbDAnJXxmMCcle3phMCcldDAnJXNge3ZhfHp7MCcnMCdWMCcnd0owJycwJlQlMCJRMyYnIygwIFcwIlcwJyd3MCcnMCZUJTAnVjAnJ2YwJycwJlQwJyckMCcnMCJRMCdWMCJXMCcndzAnJzAmVCUwJ1YwJydmMCcnMCZUMCcnJDAnJzAiUTAgUTMgJyUoMCJXMCcnZTAnJzAmVDAnJ0J8eyYnMCcnMCdWMCcneTAnJzAmVDAgVzAnJ3B7OEBGMCcnMCdWMCcncHswJycwIFEwJ1YwJyd9djAnJzAmVCEtMCdWMCcnYnJjMCcnMCZUMCcnWHBmdDAnJzAnVjAnJ2JyZzAnJzAmVDAnJ3l5Y3hlfGVwMCcnMCdWMCcnd0owJycwJlQhLDAiUTMtIiEoMCJXMCcnZjAnJzAmVCUwJ1YwJydwMCcnMCZUMCcnRWB3eXx2XnBsVmdwcXB7YXx0eTAnJXxmMCcle3phMCclcXBzfHtwcTAnJzAnVjAnJ3dKMCcnMCZUJDAiUQ%3D%3D\u0026cp=1\u0026gtm=-\u0026gac=-\u0026uvid=a4d11dc99a373a3a7bf8cf2c4c5eae5723b19558\u0026tb=1\u0026ich=1\u0026ws=1280x1024\u0026wos=1280x1024\u0026ver=13\u0026fi=\u0026ti=1001\u0026mo=0\u0026pn=1961\u0026spn=958\u0026fp=476"}},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\naccess-control-allow-origin: http://ww38.lostinoffst.click\r\ncontent-type: application/json\r\ndate: Mon, 02 Mar 2026 22:31:45 GMT\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/json","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-04T14:49:32.922678Z","times_seen":13335470,"resource_available":true,"data":null}},"time_used":36,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"obseu.blueridgeloop.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-03-02","alert":"Sinkholed","trigger":"obseu.blueridgeloop.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}