{"report_id":"628ad961-de42-45de-9620-7bf95e6e3e2b","version":6,"status":"done","tags":[],"date":"2025-11-19T01:25:51Z","url":{"schema":"http","addr":"www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","fqdn":"www.flowdoodxwn.com","domain":"flowdoodxwn.com","tld":"com"},"ip":{"addr":"172.67.186.217","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","fqdn":"www.flowdoodxwn.com","domain":"flowdoodxwn.com","tld":"com"},"title":"flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","fqdn":"www.flowdoodxwn.com","domain":"flowdoodxwn.com","tld":"com"},"ip":{"addr":"172.67.186.217","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null,"user":{"country_code":"zz"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-12-24T01:25:51Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":12}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"cdn.tapioni.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-19","alert":"Sinkholed","trigger":"ur.foretopheaved.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-19","alert":"Sinkholed","trigger":"ur.foretopheaved.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"js.capndr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"fp.metricswpsh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-19","alert":"Sinkholed","trigger":"nereserv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-19","alert":"Sinkholed","trigger":"nereserv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"a.labadena.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"x3os.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"na.nawpush.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"js.wpadmngr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-19","alert":"Sinkholed","trigger":"f24d034841.4319a692b9.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"x3os.com","ip":{"addr":"139.45.196.64","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"domain_registered":"2021-03-18","domain_rank":19468,"first_seen":"2025-04-24T02:39:31.647355Z","last_seen":"2025-11-18T17:36:29.957633Z","alert_count":2,"request_count":2,"received_data":1668,"sent_data":1206,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"na.nawpush.com","ip":{"addr":"45.133.44.25","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2020-12-21","domain_rank":175362,"first_seen":"2020-12-23T08:18:12Z","last_seen":"2025-11-17T20:47:48.786725Z","alert_count":1,"request_count":1,"received_data":1620,"sent_data":493,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"my.rtmark.net","ip":{"addr":"172.64.146.234","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2014-10-29","domain_rank":43911,"first_seen":"2015-02-04T09:54:57Z","last_seen":"2025-11-17T01:58:33.671842Z","alert_count":0,"request_count":1,"received_data":842,"sent_data":445,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"lz.faenasturbit.com","ip":{"addr":"188.42.241.221","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"domain_registered":"2025-06-20","domain_rank":0,"first_seen":"2025-09-26T02:41:00.932867Z","last_seen":"2025-11-14T13:26:14.967256Z","alert_count":0,"request_count":1,"received_data":1517,"sent_data":435,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fp.metricswpsh.com","ip":{"addr":"157.90.84.242","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2021-10-29","domain_rank":154722,"first_seen":"2022-04-22T11:20:32Z","last_seen":"2025-11-17T08:45:09.148065Z","alert_count":2,"request_count":2,"received_data":831,"sent_data":1076,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"api.lixstreamingcaio.com","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-04-29","domain_rank":492115,"first_seen":"2025-06-01T10:17:55.903035Z","last_seen":"2025-11-14T21:25:48.655853Z","alert_count":0,"request_count":6,"received_data":5985,"sent_data":3425,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2025-11-16T22:16:29.209658Z","alert_count":0,"request_count":1,"received_data":18925,"sent_data":457,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"ntvpforever.com","ip":{"addr":"167.235.163.216","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2021-11-18","domain_rank":18811,"first_seen":"2021-11-19T01:49:18Z","last_seen":"2025-11-17T18:32:19.963174Z","alert_count":0,"request_count":2,"received_data":681,"sent_data":1052,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"accuratephrase.com","ip":{"addr":"188.72.219.35","port":443,"asn":35415,"as":"Webzilla B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2024-08-07","domain_rank":440697,"first_seen":"2024-08-17T02:04:15Z","last_seen":"2025-11-14T06:59:30.324913Z","alert_count":0,"request_count":2,"received_data":39323,"sent_data":1077,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"enrtx.com","ip":{"addr":"94.130.197.239","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2024-10-07","domain_rank":18023,"first_seen":"2024-11-04T09:19:58Z","last_seen":"2025-11-17T18:32:20.041374Z","alert_count":0,"request_count":1,"received_data":9841,"sent_data":502,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"29391925-36946-ex.coreadness.com","ip":{"addr":"88.208.22.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-08-28","domain_rank":0,"first_seen":"2025-11-19T01:25:54.728524Z","last_seen":"2025-11-19T01:25:54.728524Z","alert_count":0,"request_count":1,"received_data":2488,"sent_data":1408,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"36946.phidonatome.com","ip":{"addr":"88.208.22.4","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-08-24","domain_rank":0,"first_seen":"2025-10-25T22:33:45.251193Z","last_seen":"2025-11-10T18:08:21.061275Z","alert_count":0,"request_count":1,"received_data":32103,"sent_data":425,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"ur.foretopheaved.com","ip":{"addr":"172.255.106.134","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-10","domain_rank":0,"first_seen":"2025-08-13T14:30:31.596497Z","last_seen":"2025-11-11T03:40:29.873803Z","alert_count":2,"request_count":1,"received_data":1425,"sent_data":434,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"ads.google.com","ip":{"addr":"142.250.74.142","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":2062,"first_seen":"2013-08-25T13:03:13Z","last_seen":"2025-11-12T04:38:23.382162Z","alert_count":0,"request_count":1,"received_data":208,"sent_data":407,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.74.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2025-11-16T22:16:03.162694Z","alert_count":0,"request_count":1,"received_data":431598,"sent_data":440,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"bvtpk.com","ip":{"addr":"104.21.5.190","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2019-03-16","domain_rank":37068,"first_seen":"2025-05-21T11:34:02.786268Z","last_seen":"2025-11-12T04:22:12.576178Z","alert_count":0,"request_count":2,"received_data":223039,"sent_data":824,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"accounts.google.com","ip":{"addr":"74.125.205.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":103,"first_seen":"2012-05-23T06:57:57Z","last_seen":"2025-11-16T22:39:01.613573Z","alert_count":0,"request_count":3,"received_data":6931,"sent_data":1784,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenGSE","description":"OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.","website":"https://code.google.com/p/opengse","common_platform_enumeration":"","icon":"Google.svg","categories":["Web servers"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}]},{"fqdn":"sm.videqqwuieyui.com","ip":{"addr":"34.126.238.65","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"domain_registered":"2025-08-11","domain_rank":0,"first_seen":"2025-10-25T09:37:06.805519Z","last_seen":"2025-11-17T08:56:30.089155Z","alert_count":0,"request_count":2,"received_data":6144544,"sent_data":1107,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"js.wpadmngr.com","ip":{"addr":"45.133.44.52","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2021-06-02","domain_rank":77954,"first_seen":"2021-06-02T14:43:46Z","last_seen":"2025-11-18T00:33:32.995848Z","alert_count":1,"request_count":1,"received_data":146781,"sent_data":427,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.frankeye.pro","ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-11-17T08:56:29.482426Z","last_seen":"2025-11-17T08:56:29.482426Z","alert_count":0,"request_count":2,"received_data":208208,"sent_data":921,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"www.flowdoodxwn.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-09-26","domain_rank":0,"first_seen":"2025-10-30T14:32:13.769774Z","last_seen":"2025-11-09T09:16:42.885058Z","alert_count":0,"request_count":8,"received_data":2898421,"sent_data":4025,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]}]},{"fqdn":"nereserv.com","ip":{"addr":"167.235.163.216","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2020-12-21","domain_rank":17097,"first_seen":"2020-12-21T11:07:56Z","last_seen":"2025-11-17T19:50:51.234094Z","alert_count":4,"request_count":2,"received_data":644,"sent_data":1136,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"a.labadena.com","ip":{"addr":"37.27.230.125","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Finland","country_code":"FI"},"domain_registered":"2020-01-21","domain_rank":266368,"first_seen":"2020-05-24T00:28:49Z","last_seen":"2025-11-12T22:42:08.99802Z","alert_count":5,"request_count":5,"received_data":5600,"sent_data":3116,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"f24d034841.4319a692b9.com","ip":{"addr":"45.133.44.52","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2025-10-20","domain_rank":0,"first_seen":"2025-11-19T01:25:54.711007Z","last_seen":"2025-11-19T01:25:54.711007Z","alert_count":1,"request_count":1,"received_data":345,"sent_data":849,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"cdn.tapioni.com","ip":{"addr":"104.20.34.46","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2021-05-27","domain_rank":177570,"first_seen":"2021-07-01T10:46:55Z","last_seen":"2025-11-17T13:27:52.355202Z","alert_count":5,"request_count":5,"received_data":942956,"sent_data":2092,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"driverhugoverblown.com","ip":{"addr":"94.242.247.35","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"domain_registered":"2025-03-12","domain_rank":75021,"first_seen":"2025-03-30T06:27:07.780857Z","last_seen":"2025-11-17T08:56:30.666425Z","alert_count":0,"request_count":4,"received_data":162740,"sent_data":3047,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"js.capndr.com","ip":{"addr":"45.133.44.53","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2021-08-30","domain_rank":156902,"first_seen":"2021-08-30T12:51:01Z","last_seen":"2025-11-18T03:36:06.824806Z","alert_count":2,"request_count":2,"received_data":96144,"sent_data":855,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"bereave.onelinevideo.com","ip":{"addr":"47.252.7.200","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United States","country_code":"US"},"domain_registered":"2025-04-21","domain_rank":486265,"first_seen":"2025-06-06T00:49:08.421363Z","last_seen":"2025-11-14T21:25:48.596467Z","alert_count":0,"request_count":2,"received_data":492,"sent_data":1066,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-FZ6E2FXG92","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"e4ac4d849151d543d000ebc3c4619461","sha1":"eddc7332f6380767f5f0ddc22abc6ad911f4a061","sha256":"92a32abbec0ef0a10c51f6d772aa8393ace100443424e38fcd3c60173639bc80","sha512":"682a1258213ddfb56f508c23f882f65b6b7d9d6f0be826d48142e65985f9082d6bcb01c048f1ae5ce161990ee8f0a5e182e0f6e30e555d71411b4d37d704ab00","ssdeep":"6144:X4J/7a9Xk16LcvOFjJNQRfJR8lubXkndxGbAeYaD8:XOja01jvOFdlubGt","tlshash":"e29419ce73d674265396f078502f018ba57b28a2b45cc89af1c9cde02e74a9a4177f7c","size":430994,"data":"","first_seen":"2025-11-19T01:26:03.476459Z","last_seen":"2025-11-19T01:26:03.476459Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","fqdn":"www.flowdoodxwn.com","domain":"flowdoodxwn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"20c32381f2958704dbda31cb9899e749","sha1":"0d1f76bf765e0b54db0c3b4c5e52a593c00122d2","sha256":"289167e4f6166260213381fc3fcdabb568382bd426fb4774a2bd57fc4469cbef","sha512":"a0f4ae95a388456981c5f0b99af0f6fea7f1bd845a413b3ab910ba2c7dac1e9f4d3eec0f542a28a8034ea6bb849a466ad2d22beb0abdf5f0955400a37d99e7dc","ssdeep":"","tlshash":"b4c022b465a89030001800a9307bc6ad3830300865927084889d781c9a70ed30452c64","size":188,"data":"","first_seen":"2025-10-30T14:32:25.979508Z","last_seen":"2025-11-19T23:14:59.414178Z","times_seen":50,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ur.foretopheaved.com/r4xjjmZUr51mvyQ/RNklR","fqdn":"ur.foretopheaved.com","domain":"foretopheaved.com","tld":"com"},"ip":{"addr":"172.255.106.134","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"848667c49f5d3aef59cd65ed276cd7ae","sha1":"bd12c0ca2dfaa249586f1b9b8d48b02a1b9e3763","sha256":"cc5a5851251dd8052292557ba0231c51363ff1474f60b7a4af3be144cb1327c8","sha512":"4248ad0e684224ba8503b1e73517aae6ffe4431cd16b7633d2ccbf4b96f845e318dbee175d19cd4676ca37353f53add2231ed167ad6c4aa0d9fe185f7359238c","ssdeep":"","tlshash":"f23000000000000000cc00000000000000000000c000000000000000000000003c0000","size":5,"data":"","first_seen":"2025-04-24T10:17:49.831301Z","last_seen":"2026-04-05T12:07:16.230405Z","times_seen":14854,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accuratephrase.com/c.D/9Q6Cb/2f5el/SEW/QJ9ZNNj/Yn4tOaDHkl3dN/i/0-2gN/jagC4/OSTncd3I","fqdn":"accuratephrase.com","domain":"accuratephrase.com","tld":"com"},"ip":{"addr":"188.72.219.35","port":443,"asn":35415,"as":"Webzilla B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"e3ee2a8b6c52ff6bdf3bf6074d33a796","sha1":"a0e200a91cad7efab0de9214174cd9a08e273c9a","sha256":"95d6c6b391dc5fead0e17685af8afc166d6ae7e7959c811ac74554eb718fa826","sha512":"212960c8861b14b50273ff6c4508e3318adb22762a2bdaf15759d05be1d2d2366c2701cb5c37dcda1a6c0d9f7943433c324204d8ce4869c0f866559a730cf236","ssdeep":"768:QZhdZg7J0OMLfTF9dFaQNp8JY29c6SboEBkleZ2YoOcLhlPPTgLgooDMiG82IG/e:QZ1g7JQLqQNp8Jr9c6SboEBkleZ2qcLF","tlshash":"a503a6c8b1c3642642ea507d713b7208b23a54655429f028bc79c8e4fcb9e9f8577bbd","size":38019,"data":"","first_seen":"2025-11-19T01:26:03.494883Z","last_seen":"2025-11-19T01:26:03.494883Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bvtpk.com/tag.min.js","fqdn":"bvtpk.com","domain":"bvtpk.com","tld":"com"},"ip":{"addr":"104.21.5.190","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"092e2b349877bc9c386e836f29be1bd4","sha1":"fd0f42f7d52a8572916b03f91b6963dbc62287c6","sha256":"1f282bb3aecc3d11cf728f24052d5d575b0a24f1fa51d8570b0297213e58ea2f","sha512":"d0a3dc8ebac3a45be66824978435912ea0c89cc12bc918e1b920ae0b3607ec95701f9726c24af6364bb2c256c099881bebf47bf3c2c518e62be0ba76922512a1","ssdeep":"1536:TX3SvSfBAcXOXtDRQ++LNfU4IICZx6v8HN0SDhfkwdB7U4jMlDHQjN7Tc5tXQMS:TXC6J0xRV+LmdIOxP0SNzjN7Tc5tgZ","tlshash":"32b32bd672667469126e90244597ec0db5be8c80048d8db8f0e5fc722d74b22e3f7be9","size":110317,"data":"","first_seen":"2025-11-18T15:54:58.895631Z","last_seen":"2025-11-19T05:50:11.586994Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.tapioni.com/ip-push.js","fqdn":"cdn.tapioni.com","domain":"tapioni.com","tld":"com"},"ip":{"addr":"104.20.34.46","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"3b4d2cef2d654ba5b8451f3274d2eec2","sha1":"bc0ccbcae68a88da5dbf353cd189aead463ddb9d","sha256":"8702933a72df2217e6c61d654f4494fe0b7814c4eed13205b52e6d024559e93d","sha512":"e64660c80c8580f2302fc44f2ee4162682f4ba80896fd60b1d03b2cc67d0c11d0e7bba180d2034baa52cbcd02ae9330e68f021f8fbeb0eaad970ae2e9fc5dafe","ssdeep":"1536:gmQEWeFL35kTTLy8UFV5tl2NuZ8UnbyVqb0IjzYrOpwQ4:XQEWeFWTTLy8mJHZ8mq","tlshash":"efd3628dbbc1b5a106a37064023f540af2b73a54b48fc8c0f669d5e06e7e94f6167e2d","size":134332,"data":"","first_seen":"2025-11-10T18:08:30.266138Z","last_seen":"2025-11-25T01:12:43.431593Z","times_seen":87,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.wpadmngr.com/static/adManager.js","fqdn":"js.wpadmngr.com","domain":"wpadmngr.com","tld":"com"},"ip":{"addr":"45.133.44.52","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"b2f0972afc8bc1fe3b080eb543a86b47","sha1":"ab71ef7d872e2a44f4aef851853fdf259f2fd746","sha256":"8c001a2bddac6af4af1e5aedba188d8fd9fd355208562fea36994d1418aadc68","sha512":"449884607fa6eb4ce120b484a0f3da066fa83bdc5f3bc14eb656d96606b9b47733d67876887b9218582b71d6b7445d8e55eab7adec3fc2463f2d6cce97eb22bf","ssdeep":"1536:ZaN12toXV0jtQyFem169zKKpKf7xbAQ9c+ts4aAUOPEH9ZoxlB5RnWM8k8MdnCjH:5Pemo9GqK9coDts0KnoxlTA7+da","tlshash":"78e34acdb2d2b07407e75059d83f1207b73a1a16b80c9058f6a6e9c17878dda9237f7a","size":146393,"data":"","first_seen":"2025-11-06T14:45:06.101541Z","last_seen":"2025-11-27T11:34:20.174539Z","times_seen":466,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.frankeye.pro/ecc874/fca3e5ee8e1d.js","fqdn":"www.frankeye.pro","domain":"frankeye.pro","tld":"pro"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"7c358a38fe209a10e2f8719400e7c60f","sha1":"d314ea7023d3597fa1990e360078fe70b0f7b25f","sha256":"49527ca559c345c49a1ea6b3624fa052d9fd76d73538a0414333ad4584906c6c","sha512":"b0d954ef2a287e72188c940f278b882461abbe7b8858788091576145747adacb81766bb8e3767154867d0076ee0dbeef73bd4b3c9c81a41fab7e347bb772ed1c","ssdeep":"1536:rM+iZ3YOYuyx6PUQwRxcs8P3nhkQ8vL7T7Q6eGozzwVEnHzHRbPvc:OijxEQq3P5Enne9zkWHLq","tlshash":"ffa33461350b64fd2ad0c1e7eb6720886c295810e469cca1ecd1e7c7d6eb8e3429b5f7","size":103673,"data":"","first_seen":"2025-11-17T08:56:37.631757Z","last_seen":"2025-11-19T07:52:14.537628Z","times_seen":27,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","fqdn":"www.flowdoodxwn.com","domain":"flowdoodxwn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"c4b39905819a02943aab42aaa3ace049","sha1":"397c25ba91f8946c07fcd15b85dde33073d13cc0","sha256":"56b98849a8c00948afc8281671da6d0955145a28b9cab57cb3f3cb67803dc520","sha512":"45185272dd93386022e633bba5581ebd898db3eae1dac640eaab69d546c0f1037b10c423e2b94e8383cf196255c6fa96b4374e9ecad48cd30475491950b1e7c9","ssdeep":"","tlshash":"10c08ca82aab4c7110f73a428fbf21057016a3132090cd313e0eb6848f34e2bda94808","size":190,"data":"","first_seen":"2025-08-29T08:56:06.9123Z","last_seen":"2026-02-02T17:50:52.010918Z","times_seen":319,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.labadena.com/api/spots/494334?s1=1983049288540758018\u0026fs1=1\u0026i=1\u0026url=https%3A%2F%2Fwww.flowdoodxwn.com%2Fe%2FKByh0dxu%3Flv1%3Dcdnvideq.org\u0026sid=0cdb534f-5a5a-4683-ba27-078c4686b2ad","fqdn":"a.labadena.com","domain":"labadena.com","tld":"com"},"ip":{"addr":"37.27.230.125","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Finland","country_code":"FI"},"introduction_type":"scriptElement","is_inline":false,"md5":"62905b1c928699522e177e794796c3f2","sha1":"cf57b09fc747a14cc675262ba6dca85735192a7b","sha256":"6bc17fd21eeecb9b890e4971e29a17737cf57f2bbf026f3b08e769e50cb1c60d","sha512":"0a31eef0991a2048952f4faa6bd423b274022e870b9258cc39db9b3dbe94d0c8e5d9554b08a75bc63ddc7de6b0e38caa45e92683abcf79f1d444a75f5873edb8","ssdeep":"","tlshash":"5c517584d6e86217f62710b0dd7acb9f655ea24192194075eef726a9c3cc64c06712ca","size":2572,"data":"","first_seen":"2025-11-19T01:26:03.487885Z","last_seen":"2025-11-19T01:26:03.487885Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"36946.phidonatome.com/4/js/260941","fqdn":"36946.phidonatome.com","domain":"phidonatome.com","tld":"com"},"ip":{"addr":"88.208.22.4","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"327fca1e17453340ba213af0d4604c1d","sha1":"dfe805d25429693418fda9f7f52db1bfb1898187","sha256":"2a8e43ecc25725d219f72e512df536c1e7f4329a7941c4a38cfc28221817ce8a","sha512":"e07ab4667529d63e4522f3ac4aac2ccccf15da6427e68182cccb3f185fcfd2f7bba5a4719d87748098af25e738e4da544559ed657f75f9f04182eb8b5436412b","ssdeep":"768:HFmbr/4nqZVnyTPxVC2/R3hMwsZwJmvnDY87bBZzBPZvzXRb7iGqj:AyxnufF3qj","tlshash":"3ee22a95f996703043f7087a403f511af3361a94789e8460da2b99c22c66f8b837bf7d","size":31401,"data":"","first_seen":"2025-11-19T01:26:03.523394Z","last_seen":"2025-11-19T01:26:03.523394Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.labadena.com/api/users/494246?host=www.flowdoodxwn.com\u0026ev=224\u0026wh=1024\u0026ww=1280\u0026uuid=\u0026url=https%3A%2F%2Fwww.flowdoodxwn.com%2Fe%2FKByh0dxu%3Flv1%3Dcdnvideq.org\u0026sid=0cdb534f-5a5a-4683-ba27-078c4686b2ad\u0026i=1\u0026s1=1983049288540758018\u0026fs1=1\u0026url=https%3A%2F%2Fwww.flowdoodxwn.com%2Fe%2FKByh0dxu%3Flv1%3Dcdnvideq.org","fqdn":"a.labadena.com","domain":"labadena.com","tld":"com"},"ip":{"addr":"37.27.230.125","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Finland","country_code":"FI"},"introduction_type":"scriptElement","is_inline":false,"md5":"45d1b5e5ce4e58ea944a93fa93de9961","sha1":"06dda0be8ff538bdf71a7ae5778c7e06295de198","sha256":"8032f65199943722672b49b7956234db8ebd81a0aff66bac4ed073a89a6d6056","sha512":"b3872a9e15cf73403352efb5cec1d39e7d8e8e4df09b775a2edaaaf60fc1f17cf9b13983443c415962af5265f21350625a0dd2ce8ac4ba18cec05f36b5ffd9a6","ssdeep":"","tlshash":"5b01dd81829c65fb474860a3cd3d4f725a8e457467556056fa24830e58ca08142a019b","size":660,"data":"","first_seen":"2025-11-19T01:26:03.513468Z","last_seen":"2025-11-19T01:26:03.513468Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.flowdoodxwn.com/assets/main-BvvAt3kL-1763461621343.js","fqdn":"www.flowdoodxwn.com","domain":"flowdoodxwn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"75ded8a23bdc488464ca89276cec9deb","sha1":"012ff67627ed4fb7c50033da6580270b435b4da1","sha256":"d2297cc166449287ab82daf7794d8f1fc57cb90c5e0f0f5aac465e1704357d7a","sha512":"399dd1e4852765dd467b01f5579edff609922a6a0b56b052c8c12202c57e9c783991ee4d7bf2b32b35a71215845818d1f9740d8198e9487f09306fa32e8b0ec2","ssdeep":"1536:EpR1KKXrrBFfGYkBvaW/a3CaHHq4FfYuFlrThZzY5Bxev7rIX7/ukoKFCFvo4N9q:EpTZZFfGYgHQHwqlZDkohsCGe0B","tlshash":"8aa38eed612d8e3dfc5609c1787a9534b828366af928c8c1f0bd3c025b94d8459ab7de","size":103773,"data":"","first_seen":"2025-11-19T01:26:03.483122Z","last_seen":"2025-11-19T01:26:03.483122Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.flowdoodxwn.com/assets/vendor-chunks-C1aPRBDq-1763461621343.js","fqdn":"www.flowdoodxwn.com","domain":"flowdoodxwn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"importedModule","is_inline":false,"md5":"50d712bd0033f3622be3eb62bdf0ee37","sha1":"7e591c03cc188d65f46a25ff5547db7bb0d09633","sha256":"ac0d86604f2c0c30aa4a18d5e06d2d3971a3d22720676e860cdcb7775b0c7ead","sha512":"d075c1f6396bf475ae51a6ac8a3cf243b01f5f524a0e0b768d2a733ccb8c6a80191abba6e7cda7975ff5335eb0536f67f530b11eb6bed8a0e1173ca8c83e4618","ssdeep":"24576:TLgcTD3IaDerXpsBbIw98z6CS2dSG6MIIsPGiUcWFYMKduqC6:TscTD3IaDerXpsBbIw98z6Cz6MIIsPGK","tlshash":"b7454cd972a67062879361a4503f1207723a7d16248cc05cf63bf9ea2eb8d09647bf7d","size":1270326,"data":"","first_seen":"2025-11-03T21:11:09.356347Z","last_seen":"2025-11-19T23:14:59.417113Z","times_seen":55,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bvtpk.com/tag.min.js","fqdn":"bvtpk.com","domain":"bvtpk.com","tld":"com"},"ip":{"addr":"104.21.5.190","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"092e2b349877bc9c386e836f29be1bd4","sha1":"fd0f42f7d52a8572916b03f91b6963dbc62287c6","sha256":"1f282bb3aecc3d11cf728f24052d5d575b0a24f1fa51d8570b0297213e58ea2f","sha512":"d0a3dc8ebac3a45be66824978435912ea0c89cc12bc918e1b920ae0b3607ec95701f9726c24af6364bb2c256c099881bebf47bf3c2c518e62be0ba76922512a1","ssdeep":"1536:TX3SvSfBAcXOXtDRQ++LNfU4IICZx6v8HN0SDhfkwdB7U4jMlDHQjN7Tc5tXQMS:TXC6J0xRV+LmdIOxP0SNzjN7Tc5tgZ","tlshash":"32b32bd672667469126e90244597ec0db5be8c80048d8db8f0e5fc722d74b22e3f7be9","size":110317,"data":"","first_seen":"2025-11-18T15:54:58.895631Z","last_seen":"2025-11-19T05:50:11.586994Z","times_seen":14,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.tapioni.com/asg_embed.js","fqdn":"cdn.tapioni.com","domain":"tapioni.com","tld":"com"},"ip":{"addr":"104.20.34.46","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"fe439ed2222d8c3e4eed412da17055c3","sha1":"27808772b3210cd7fbe67dfd71ee3c0a8fa5e20c","sha256":"d9e6d2d5de74e5ef74575e3fb2ed9679c30625de9dc24551959dcb9c70064f50","sha512":"21baa7d660683e476d1d8d80b473aeaa709dcbd5a058ef8c0de1b17adc6dc477dd029ee2136b2dc9dfbd4434e1c49f133d9b83882f45207f5b1864b1ce547cd0","ssdeep":"6144:cGdO0Ur4i8d+5csa6tZylzd+2TG5vH2aj0gpt9RO+JgtOrgfAs28wzxordsQmwZ9:srOd+OYREP","tlshash":"4334a689b6c1b0a403e3a1f4016f551af277b904744ec5c2f729d9d1aeb9a0e5a27f3c","size":244907,"data":"","first_seen":"2025-11-10T10:16:11.775638Z","last_seen":"2025-11-25T12:42:17.612638Z","times_seen":150,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.tapioni.com/vast-im.js","fqdn":"cdn.tapioni.com","domain":"tapioni.com","tld":"com"},"ip":{"addr":"104.20.34.46","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"ef71e3a5fcdca2418129fff7f4e54e50","sha1":"10aee0abfddbfb0a11737088d393d5fe88ba24c0","sha256":"d685cc4df641365217ddcc69a3efcf9a6ad8b1535125dffd0a9df95bc0f46882","sha512":"a4951a72b5fef052521f78900f47c405563dfcb8c729a66c638eefb675dc50f2175433308dd2228118ff250944954d65abbc5a8b7f067937d922be440aa3007f","ssdeep":"3072:StY4dFHJC/KyWM8exrt9pGW18MHy3rxXqkPj92La7/rK/cJs83h3f2g:IdFg/KBeNt9j6JEkPj9iB/cy83h3fP","tlshash":"3a64a3c9b6c6b0a543e7b0b8403f520ef276a955b44ac9c0e266e9d1ac7c94e5037f7c","size":315377,"data":"","first_seen":"2025-11-10T18:08:30.221651Z","last_seen":"2025-11-25T08:32:30.006114Z","times_seen":106,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.tapioni.com/asg_embed.js","fqdn":"cdn.tapioni.com","domain":"tapioni.com","tld":"com"},"ip":{"addr":"104.20.34.46","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"fe439ed2222d8c3e4eed412da17055c3","sha1":"27808772b3210cd7fbe67dfd71ee3c0a8fa5e20c","sha256":"d9e6d2d5de74e5ef74575e3fb2ed9679c30625de9dc24551959dcb9c70064f50","sha512":"21baa7d660683e476d1d8d80b473aeaa709dcbd5a058ef8c0de1b17adc6dc477dd029ee2136b2dc9dfbd4434e1c49f133d9b83882f45207f5b1864b1ce547cd0","ssdeep":"6144:cGdO0Ur4i8d+5csa6tZylzd+2TG5vH2aj0gpt9RO+JgtOrgfAs28wzxordsQmwZ9:srOd+OYREP","tlshash":"4334a689b6c1b0a403e3a1f4016f551af277b904744ec5c2f729d9d1aeb9a0e5a27f3c","size":244907,"data":"","first_seen":"2025-11-10T10:16:11.775638Z","last_seen":"2025-11-25T12:42:17.612638Z","times_seen":150,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.tapioni.com/adgpt.js","fqdn":"cdn.tapioni.com","domain":"tapioni.com","tld":"com"},"ip":{"addr":"104.20.34.46","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4b545479ce261f8f128bca42b01f2b48","sha1":"24a48b2711e0bdc8b80c1037760a9d6106a812c3","sha256":"8bc734c4ee2f7f3f39b1a1e7b57f483f31b108c553af0fe16bd17c7b2abe8a38","sha512":"0a1b3d7e3f89748fc6fc016db882aa8cc5b55e7576ef84f23f93409796d67900b1926385bfcec76ff2460135a2c511f1429e28c8a143af8eb6873e34afae8905","ssdeep":"","tlshash":"162165da31e0f8d213cb6956113f4009f2aa6c65157fa0d0c358cd75bcf8889a1a2faa","size":1285,"data":"","first_seen":"2025-11-10T10:16:11.78532Z","last_seen":"2025-11-25T02:54:33.370695Z","times_seen":160,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.labadena.com/api/users/494333?host=www.flowdoodxwn.com\u0026ev=224\u0026wh=1024\u0026ww=1280\u0026uuid=\u0026url=https%3A%2F%2Fwww.flowdoodxwn.com%2Fe%2FKByh0dxu%3Flv1%3Dcdnvideq.org\u0026sid=0cdb534f-5a5a-4683-ba27-078c4686b2ad\u0026i=1\u0026s1=1983049288540758018\u0026fs1=1\u0026url=https%3A%2F%2Fwww.flowdoodxwn.com%2Fe%2FKByh0dxu%3Flv1%3Dcdnvideq.org","fqdn":"a.labadena.com","domain":"labadena.com","tld":"com"},"ip":{"addr":"37.27.230.125","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Finland","country_code":"FI"},"introduction_type":"scriptElement","is_inline":false,"md5":"bf8efbedb8e9e98e2d4cb84a8c533e51","sha1":"78f4bb2f7959f22a6bff51917d146b00ec5bfe27","sha256":"7c761bee5644dae36aba4c146b7d4a2eeaf4d669ccb6a9406f709d9ff6a4a667","sha512":"2a7b3a7c3a7c8aec11a1f47e0a5c459811afbe8b6bfabbd2714623daf467c390344abd544921dab1de46758c1056f850ff1babd5e12decc9eeaa03970a0225f0","ssdeep":"","tlshash":"56012d81938c65fb874890a3cc3d8fb64d8e48386b09a046fe74831a54ca08203a018b","size":672,"data":"","first_seen":"2025-11-19T01:26:03.502165Z","last_seen":"2025-11-19T01:26:03.502165Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"driverhugoverblown.com/get/2081141?id=2081141\u0026jp=_clxstvtugktknkzjalpulm\u0026dr=49\u0026cuaa=2\u0026nojs=0\u0026bavar=0\u0026febuild=1.0.637-st\u0026t=0\u0026wcks=1\u0026wgl=1\u0026cnvs=1\u0026os=0\u0026tz=UTC\u0026ss=1\u0026ls=1\u0026bb=0\u0026cti=0\u0026fn=3\u0026es=13\u0026ge=2\u0026th=\u0026pcs=2\u0026plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF\u0026lang=en-US\u0026pf=Win32\u0026cd=24\u0026vcv=Mesa\u0026vcn=llvmpipe\u0026ix=0\u0026x=1280\u0026y=1024\u0026md=0\u0026psu=JT9HinlaHR0cHM6Ly93d3cuZmxvd2Rvb2R4d24uY29tL2UvS0J5aDBkeHU%2FbHYxPWNkbnZpZGVxLm9yZw\u0026afid=7152448171581440\u0026eclog=0\u0026snc=0\u0026ssc=0\u0026vp=0\u0026pload=1212\u0026rlp=%5B0%2C93%2C246%2C174%2C55811%2C7727%2C719%2C7363%2C1%5D\u0026srw=1280\u0026srh=1024\u0026im=1\u0026noch=1\u0026cs=5\u0026uf=0","fqdn":"driverhugoverblown.com","domain":"driverhugoverblown.com","tld":"com"},"ip":{"addr":"94.242.247.35","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"introduction_type":"scriptElement","is_inline":false,"md5":"033b7f14907756666d56f9316cac57d0","sha1":"cbab027c1f852a030b7e8e55fd6c4d93530ebabf","sha256":"bb5ba177b40434f987bfbfdc4f705df116f61aca5e1b310154cebdaf92577294","sha512":"39f2c7fed3b19659fe2eca112d080bad101163b91a31939adfdb3e4dffa9c030891439f04fcb0933f2c5c57ba99a09fbcb032bbf0b125714b2e0da12c803bb2c","ssdeep":"","tlshash":"87615fd5807be0285a4c5d822fbccc90d3d2cc50ae3fb4f1608d9997619d9bdcda12ad","size":3340,"data":"","first_seen":"2025-11-19T01:26:03.468159Z","last_seen":"2025-11-19T01:26:03.468159Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","fqdn":"www.flowdoodxwn.com","domain":"flowdoodxwn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"81ecd7c59392edfa4254654202f453d2","sha1":"4d73a7bde5adf21114e03dfdfb8631d92887af64","sha256":"d17ff3bd2c3050a632dd6fbd5c617f267d8905dfa4e716e13f7530f9deea6ed1","sha512":"595611c1e03a96ee15b6f9101fa1a4cb6a7944b00868e425ffeed8b255576610fe83d4a804c42cede8e57e15be47dab626086e59d0a05955406d37b8ba295cc9","ssdeep":"","tlshash":"64e0c6ad1c8726306317103783bd864c7053f01381bae080388ce0ab3f20fea8c29ab8","size":383,"data":"","first_seen":"2025-11-17T08:56:43.663992Z","last_seen":"2026-02-02T17:50:52.01294Z","times_seen":202,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lz.faenasturbit.com/sSB8ld39qI9j8pgT/130607","fqdn":"lz.faenasturbit.com","domain":"faenasturbit.com","tld":"com"},"ip":{"addr":"188.42.241.221","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"introduction_type":"scriptElement","is_inline":false,"md5":"f7a2939527fd9e68723da600e96d76bd","sha1":"a9e717b6364d2895ee0a716050db32ca0ef1bb42","sha256":"d810f5146f4cd1517512a6e31946e764a73c58fb01427aae88d42cc2ae28718a","sha512":"e6956ec633c76eb3ebc408528f950b81373238cd1d5b9fff5ddd97089ea14a1ff5934f23769bac5d93cc4cdb6a1fbc4ce69baebfb940a55d8a7a89caccaf92b5","ssdeep":"","tlshash":"ec300000003000000000000000000000000c0000000000000000000000000c00000000","size":5,"data":"","first_seen":"2023-03-07T01:14:39Z","last_seen":"2026-04-05T10:55:23.316577Z","times_seen":13669,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"driverhugoverblown.com/on.js","fqdn":"driverhugoverblown.com","domain":"driverhugoverblown.com","tld":"com"},"ip":{"addr":"94.242.247.35","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"introduction_type":"scriptElement","is_inline":false,"md5":"fbfe0538eea0082ceddf9b3865adddee","sha1":"c0eefc510ed02dd390d3207d2ba019527b765961","sha256":"990eeb4c171f598a11168462220a4e5c8ac6b633541db5f3b7f806dfc392d3c3","sha512":"ae4bec7a3116540789ab50a7a038927d23a542d1cc53a4e8c6c3d64a2cdf3455bd0b36f0d3b0c307a6f5c4e366e2ac6a85a4b3210703fbf0ef894927bbb305ec","ssdeep":"1536:Zr99edSf1mHoH41wszIkopbfynmEDzcOJlhenn+ggar+rmk9E/ydzBY1AAt:ZreS10oHiRIkYbfyYOJvrmnTt","tlshash":"f1e3768cfa4b2435426fb0794c2f662ade27c8d1a45dc0c6d8abd1d93d789069131efb","size":154927,"data":"","first_seen":"2025-11-17T20:23:14.342378Z","last_seen":"2025-11-24T09:31:58.868453Z","times_seen":157,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"driverhugoverblown.com/check.html","fqdn":"driverhugoverblown.com","domain":"driverhugoverblown.com","tld":"com"},"ip":{"addr":"94.242.247.35","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"introduction_type":"scriptElement","is_inline":true,"md5":"8f2e0cd22b41fa7c9212af0b11f449d3","sha1":"6c552632a2eeaa712496444594c3e8c68eadbbb0","sha256":"d7ca5af269e02e5109a61ef55df0196e2206204d6c742daba5a153defc097fda","sha512":"c90bb9984fc0b2a5374129cb10fc509e937ba565063e2530578430fb0329f8058c145c914de139fa166d8530cfff9799a8c78aa1ad2752d9ec72e24c0fed477c","ssdeep":"","tlshash":"d201685934f5684d5127b630255b22182d32a40325cbd94efb2cdb301f825a7eca8aef","size":762,"data":"","first_seen":"2025-03-07T08:34:13.499254Z","last_seen":"2026-03-04T07:06:03.173543Z","times_seen":7245,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.capndr.com/popunder-admanager/build.m.js","fqdn":"js.capndr.com","domain":"capndr.com","tld":"com"},"ip":{"addr":"45.133.44.53","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"9fcd0ce6da93385c2aae7faae9ee533d","sha1":"4e81cc0eb5a5e4a80ac043722254a206a2467d21","sha256":"044cbb4a44b387749d187da88b0888e8ff2da383ca1bf3bf8390752a90aa322d","sha512":"877349afc430e39cd8267d0f2c544022abd64568136237d5f8ba8aa0bf90138755fad1b45c30e34e530f757291b27924da67f4f040146f5c75b06aa012ff52b8","ssdeep":"768:ubVWcprcLsdOKo/+PDPfVal3ATlP8JnU2qbJ/XSURcq3TG9sh8sf2x22Zf4dsU9w:WkmOK1Nh8J0/tddEf","tlshash":"899318cdb7d2b07043b765ba902f151ab33f2a09b809441cf969d9d138ad84e9327f79","size":95357,"data":"","first_seen":"2025-11-10T18:08:30.272513Z","last_seen":"2026-03-28T06:35:34.362837Z","times_seen":308,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","fqdn":"www.flowdoodxwn.com","domain":"flowdoodxwn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"20c32381f2958704dbda31cb9899e749","sha1":"0d1f76bf765e0b54db0c3b4c5e52a593c00122d2","sha256":"289167e4f6166260213381fc3fcdabb568382bd426fb4774a2bd57fc4469cbef","sha512":"a0f4ae95a388456981c5f0b99af0f6fea7f1bd845a413b3ab910ba2c7dac1e9f4d3eec0f542a28a8034ea6bb849a466ad2d22beb0abdf5f0955400a37d99e7dc","ssdeep":"","tlshash":"b4c022b465a89030001800a9307bc6ad3830300865927084889d781c9a70ed30452c64","size":188,"data":"","first_seen":"2025-10-30T14:32:25.979508Z","last_seen":"2025-11-19T23:14:59.414178Z","times_seen":50,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/postscribe/2.0.8/postscribe.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"12dd498bf90c536803c2aad708b66c2b","sha1":"5f9363d39a405d1c94328cf2303ff4a05c0ad163","sha256":"c4e20f53f5ef0ed44b783437aa3f4638a9a56cc4aa29ae83ed9212eb2807052a","sha512":"ec593a501ebf74c092e564a1aaf0b477d3da6813c9a88f29d0d2a0db8143bdf19718ba4e6b13f64295b077ca5cb9c13460c30f9f2f35982a82597b22f79ffdd1","ssdeep":"192:l3GySZoj5oOg8pu564aEzn5nVMnyk3sBakk3cx7x0IlQV0Hf1b5SwU+ahpfex/W9:lWytjU64auV0ISjyW5RAe","tlshash":"6f82b38cb295f0b553d710b5403f910fe2366928654ec4d8f288d5ea2c7899d663bf3d","size":17908,"data":"","first_seen":"2023-03-07T01:02:54Z","last_seen":"2026-04-05T10:26:25.820991Z","times_seen":7030,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","fqdn":"www.flowdoodxwn.com","domain":"flowdoodxwn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-11-19T01:25:27.393Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flowdoodxwn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 26 Sep 2025 05:54:15 GMT","end":"Thu, 25 Dec 2025 06:52:42 GMT"},"fingerprint":{"sha1":"DA:FF:54:36:61:AE:68:21:E0:25:1B:19:C3:0E:A4:0A:E2:B0:A4:3B","sha256":"B5:3A:E4:11:C7:48:60:33:52:05:5C:23:C5:02:28:F2:E4:8A:EC:59:A2:EA:F5:A2:AD:F0:C3:3B:89:22:DE:37"}}},"request":{"raw":"GET /e/KByh0dxu?lv1=cdnvideq.org HTTP/1.1\r\nHost: www.flowdoodxwn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 19 Nov 2025 01:25:27 GMT\r\ncontent-type: text/html\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\nx-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc\r\ncloudservicediscount: CDN\r\nx-amz-request-id: 0000019A96844A47B11FDDDF86AF0AE8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=py%2BpAkZHru0zOTidq1AA71HPLnJRFCRpCDrkfiX1w56DyvuvKmEQQWBLmm21Bss9yq6lVYcX%2BFFnDZsHTfEmA%2Fwzj%2BKuJ9qyw9DDIZvXYNbd\"}]}\r\nlast-modified: Tue, 18 Nov 2025 10:27:12 GMT\r\nx-amz-id-2: 36AAAQAAEAABAAAQAAEAABAAAQAAEAABAAAaI=AAAAAAAAAAAAAAAAAAAAAAAAAA\r\nx-ccdn-expires: 2538664\r\nvia: EU-ESP-madrid-AREA1-CACHE6[2],EU-ESP-madrid-AREA1-CACHE4[0,TCP_HIT,2],EU-IRL-dublin-GLOBAL1-CACHE1[4],EU-IRL-dublin-GLOBAL1-CACHE18[0,TCP_HIT,3]\r\nx-hcs-proxy-type: 1\r\nx-ccdn-cachettl: 2592000\r\nx-ccdn-req-id-46b1: 69a9ac9723ac3d210db5fc9e4919c135\r\nnginx-hit: 1\r\nage: 53336\r\naccess-control-expose-headers: *\r\naccess-control-allow-origin: *\r\ncontent-disposition: inline\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9a0be9ee68a2b51d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]}],"data":{"size":2018,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"c34918feb6a7c8e0ebda3a6796dfd70b","sha1":"605278142c39331c87ee38c5237f2ebc904333c3","sha256":"39bc8f5e341ab02c925a62428c2cab425b9e10f122733cf96d01f9af4612b4a9","sha512":"968623af6c0ee6f219dea2e6ddcefb56edc221bac45b4fcca6869e81e574d268d4761227f10d4adfe2ccb97ef90d4eeb81e8b8bc1c6d0c353c9ff525b39b291a","ssdeep":"","tlshash":"6641319b2de3884924205e556fd2f228ae56b2035b19ed4475ee727ccf85b83cdc38a4","first_seen":"2025-11-19T01:26:03.456971Z","last_seen":"2025-11-19T01:26:03.456971Z","times_seen":1,"resource_available":false,"data":null}},"time_used":397,"timings":{"blocked":35,"dns":11,"connect":1,"send":0,"wait":327,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.flowdoodxwn.com/assets/vendor-chunks-C1aPRBDq-1763461621343.js","fqdn":"www.flowdoodxwn.com","domain":"flowdoodxwn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:28.187Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flowdoodxwn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 26 Sep 2025 05:54:15 GMT","end":"Thu, 25 Dec 2025 06:52:42 GMT"},"fingerprint":{"sha1":"DA:FF:54:36:61:AE:68:21:E0:25:1B:19:C3:0E:A4:0A:E2:B0:A4:3B","sha256":"B5:3A:E4:11:C7:48:60:33:52:05:5C:23:C5:02:28:F2:E4:8A:EC:59:A2:EA:F5:A2:AD:F0:C3:3B:89:22:DE:37"}}},"request":{"raw":"GET /assets/vendor-chunks-C1aPRBDq-1763461621343.js HTTP/1.1\r\nHost: www.flowdoodxwn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 19 Nov 2025 01:25:28 GMT\r\ncontent-type: application/x-javascript\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\nx-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc\r\ncloudservicediscount: CDN\r\nx-amz-request-id: 0000019A9681D987B2DAAB07509C2B9F\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 18 Nov 2025 10:27:12 GMT\r\nx-amz-id-2: 36AAAQAAEAABAAAQAAEAABAAAQAAEAABAAAaI=AAAAAAAAAAAAAAAAAAAAAAAAAA\r\nvia: EU-FRA-marseille-EDGE3-CACHE11[2],EU-FRA-marseille-EDGE3-CACHE16[0,TCP_HIT,1],EU-IRL-dublin-GLOBAL1-CACHE1[226],EU-IRL-dublin-GLOBAL1-CACHE3[223,TCP_MISS,225]\r\nx-hcs-proxy-type: 1\r\nx-ccdn-cachettl: 2592000\r\nx-ccdn-req-id-46b1: 2f9a10446fdf935e5bc77b9f2c6cfe31\r\nnginx-hit: 1\r\nage: 2929\r\nx-ccdn-expires: 2591105\r\naccess-control-expose-headers: *\r\naccess-control-allow-origin: *\r\ncontent-disposition: inline\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=OoJOcoTOZxtQP4%2BhFdSW8hhnsOPHHcRdDYPZsEmPnBYiR0xafWc3Rpd6dvDLdpVvzYaiQuC9W3xSM87KJvJsJ8%2Baq5GAeVkGM1ZEwJeGRErg\"}]}\r\netag: W/\"50d712bd0033f3622be3eb62bdf0ee37\"\r\ncontent-encoding: br\r\ncf-ray: 9a0be9f32bdf568f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1270326,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (37925)","md5":"d5ffa44357e80f1c65fe87c30587f50b","sha1":"49a1b3fff2091d1562aa749bccd4c98a4cd4ed15","sha256":"966cc679f98dd01db5c608878ab396b5825fdcfbe3264cd2f00989ae989c64ca","sha512":"324ae875fa279ce79883c0ce2e7c6e6eb6fb740c232bee33e83c8734e73a4a89856d3e8ed9d544f98139564b8df901ee315833ef562df7b88f94eb6701e8b4a6","ssdeep":"24576:TLgcTD3IaDerXpsBbIw98z6CS2dSG6MIIsPGiUcWFYMKduqC8:TscTD3IaDerXpsBbIw98z6Cz6MIIsPGs","tlshash":"26254bd932a6706287d361a4503f5207723a7d16248cc45cf63af9ea2eb8d09647bf7c","first_seen":"2025-11-03T21:11:09.309439Z","last_seen":"2026-01-18T18:49:56.054383Z","times_seen":122,"resource_available":false,"data":null}},"time_used":47,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":11,"receive":36,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.tapioni.com/asg_embed.js","fqdn":"cdn.tapioni.com","domain":"tapioni.com","tld":"com"},"ip":{"addr":"104.20.34.46","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:30.597Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.tapioni.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 14:57:20 GMT","end":"Fri, 13 Feb 2026 15:57:18 GMT"},"fingerprint":{"sha1":"80:2D:1E:ED:7E:27:75:C8:26:5C:5A:67:67:AE:0B:64:50:E0:CB:35","sha256":"12:CD:2F:65:36:49:D1:F0:8F:A7:6A:68:FF:9C:96:CC:70:D2:75:FE:A5:51:07:CC:D0:AA:5A:75:18:DC:8D:61"}}},"request":{"raw":"GET /asg_embed.js HTTP/1.1\r\nHost: cdn.tapioni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 19 Nov 2025 01:25:30 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 76922\r\nserver: cloudflare\r\nlast-modified: Mon, 10 Nov 2025 10:05:03 GMT\r\nvary: Accept-Encoding\r\netag: \"6911b8cf-12c7a\"\r\ncontent-encoding: gzip\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\nage: 604\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\ncf-ray: 9a0bea023e0cb503-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":244907,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65503), with no line terminators","md5":"fe439ed2222d8c3e4eed412da17055c3","sha1":"27808772b3210cd7fbe67dfd71ee3c0a8fa5e20c","sha256":"d9e6d2d5de74e5ef74575e3fb2ed9679c30625de9dc24551959dcb9c70064f50","sha512":"21baa7d660683e476d1d8d80b473aeaa709dcbd5a058ef8c0de1b17adc6dc477dd029ee2136b2dc9dfbd4434e1c49f133d9b83882f45207f5b1864b1ce547cd0","ssdeep":"6144:cGdO0Ur4i8d+5csa6tZylzd+2TG5vH2aj0gpt9RO+JgtOrgfAs28wzxordsQmwZ9:srOd+OYREP","tlshash":"4334a689b6c1b0a403e3a1f4016f551af277b904744ec5c2f729d9d1aeb9a0e5a27f3c","first_seen":"2025-11-10T10:16:11.775638Z","last_seen":"2025-11-25T12:42:17.612638Z","times_seen":150,"resource_available":true,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"cdn.tapioni.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ur.foretopheaved.com/r4xjjmZUr51mvyQ/RNklR","fqdn":"ur.foretopheaved.com","domain":"foretopheaved.com","tld":"com"},"ip":{"addr":"172.255.106.134","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:30.604Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ur.foretopheaved.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 14 Sep 2025 09:56:09 GMT","end":"Sat, 13 Dec 2025 09:56:08 GMT"},"fingerprint":{"sha1":"91:AA:F1:1B:14:24:36:CD:6B:51:31:6E:5E:C4:CF:18:8E:A6:40:19","sha256":"C9:CD:6B:8D:1D:0B:25:5F:FC:34:0D:27:E0:29:A6:64:DE:36:11:67:88:AF:25:45:05:AA:32:99:35:95:94:EE"}}},"request":{"raw":"GET /r4xjjmZUr51mvyQ/RNklR HTTP/1.1\r\nHost: ur.foretopheaved.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 19 Nov 2025 01:25:30 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://www.flowdoodxwn.com\r\naccess-control-allow-headers: content-type, gyfr29qt4j80vdr0zhsj, x-forwarded-for, x-requested-with, cache-control, pragma, expires\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nset-cookie: GL_UI4=eJw9jc1OhDAcB%2FkGddnkl%2FAA%2BwgtUtKrF1%2FBI2npn7UKdFMqq28v8eBtDjOZKIqSpka8FyekX0rgwrnsZSdaybpRqlZr2feCaSEZb8U0CTzYbQhKzxQyVNuifBjCniHXXq2mRr44Q3ONUnt338g3KbJVLYTy1Xqa3PdhqA%2FnkfLn7mC7HhwzJG5r0nOF8s2u5ijPj0g4O5%2BKCE%2B3WYXJ%2BWWwpoiRX70yhPgF1agCXZ3%2FQWlo%2BwzuBrjZDP%2F%2B3zi9c4bC0G5HQu7CO%2FlfoWNCFg%3D%3D; expires=Thu, 20-Nov-2025 01:25:30 GMT; Max-Age=86400; path=/; secure; SameSite=None\nGL_GI10=eJwViD0LglAYRu99ESGS4gGHRpdW0VLBJSTndGhoaBILEcRXrtrH1F9pb4r%2BVWtTWzacA%2BcIIcicgsoGRujaoWN7C9v1PcgClKSgvIaesDpnV0gFcpYgVWOcthVbMfd1N%2Fwc2r8hS0zWVXmxtlz1Xcl1CxoYxawaVll3hGx0Cer47%2FZgCsiTPgNVmRFtPu9Xcf8OwUY0vz33u9UD1LTQHD8IfrcSKq4%3D; expires=Thu, 20-Nov-2025 01:25:30 GMT; Max-Age=86400; path=/; secure; SameSite=None\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"848667c49f5d3aef59cd65ed276cd7ae","sha1":"bd12c0ca2dfaa249586f1b9b8d48b02a1b9e3763","sha256":"cc5a5851251dd8052292557ba0231c51363ff1474f60b7a4af3be144cb1327c8","sha512":"4248ad0e684224ba8503b1e73517aae6ffe4431cd16b7633d2ccbf4b96f845e318dbee175d19cd4676ca37353f53add2231ed167ad6c4aa0d9fe185f7359238c","ssdeep":"","tlshash":"f23000000000000000cc00000000000000000000c000000000000000000000003c0000","first_seen":"2025-04-24T10:17:49.831301Z","last_seen":"2026-04-05T12:07:16.230405Z","times_seen":14854,"resource_available":true,"data":null}},"time_used":307,"timings":{"blocked":144,"dns":94,"connect":18,"send":0,"wait":21,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-19","alert":"Sinkholed","trigger":"ur.foretopheaved.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-11-19","alert":"Sinkholed","trigger":"ur.foretopheaved.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"driverhugoverblown.com/on.js","fqdn":"driverhugoverblown.com","domain":"driverhugoverblown.com","tld":"com"},"ip":{"addr":"94.242.247.35","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:30.610Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"driverhugoverblown.com","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 14:23:57 GMT","end":"Wed, 21 Jan 2026 14:23:56 GMT"},"fingerprint":{"sha1":"AB:39:B2:8C:70:D6:0B:38:B0:1E:73:99:51:2D:35:30:EA:6B:4A:70","sha256":"86:18:14:14:6C:52:E9:C3:AC:03:AF:10:49:19:37:24:9D:9A:36:E6:1A:05:C8:1C:8E:69:BE:53:1E:CE:6F:65"}}},"request":{"raw":"GET /on.js HTTP/1.1\r\nHost: driverhugoverblown.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 19 Nov 2025 01:25:30 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Mon, 17 Nov 2025 14:23:31 GMT\r\nvary: Accept-Encoding\r\netag: W/\"691b2fe3-25d2f\"\r\nexpires: Wed, 26 Nov 2025 01:25:30 GMT\r\ncache-control: max-age=604800\r\nx-js-ab: current\r\ntiming-allow-origin: *\r\naccept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":154927,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"fbfe0538eea0082ceddf9b3865adddee","sha1":"c0eefc510ed02dd390d3207d2ba019527b765961","sha256":"990eeb4c171f598a11168462220a4e5c8ac6b633541db5f3b7f806dfc392d3c3","sha512":"ae4bec7a3116540789ab50a7a038927d23a542d1cc53a4e8c6c3d64a2cdf3455bd0b36f0d3b0c307a6f5c4e366e2ac6a85a4b3210703fbf0ef894927bbb305ec","ssdeep":"1536:Zr99edSf1mHoH41wszIkopbfynmEDzcOJlhenn+ggar+rmk9E/ydzBY1AAt:ZreS10oHiRIkYbfyYOJvrmnTt","tlshash":"f1e3768cfa4b2435426fb0794c2f662ade27c8d1a45dc0c6d8abd1d93d789069131efb","first_seen":"2025-11-17T20:23:14.342378Z","last_seen":"2025-11-24T09:31:58.868453Z","times_seen":157,"resource_available":true,"data":null}},"time_used":221,"timings":{"blocked":90,"dns":20,"connect":18,"send":0,"wait":34,"receive":0,"ssl":49},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"driverhugoverblown.com/get/2081141?id=2081141\u0026jp=_clxstvtugktknkzjalpulm\u0026dr=49\u0026cuaa=2\u0026nojs=0\u0026bavar=0\u0026febuild=1.0.637-st\u0026t=0\u0026wcks=1\u0026wgl=1\u0026cnvs=1\u0026os=0\u0026tz=UTC\u0026ss=1\u0026ls=1\u0026bb=0\u0026cti=0\u0026fn=3\u0026es=13\u0026ge=2\u0026th=\u0026pcs=2\u0026plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF\u0026lang=en-US\u0026pf=Win32\u0026cd=24\u0026vcv=Mesa\u0026vcn=llvmpipe\u0026ix=0\u0026x=1280\u0026y=1024\u0026md=0\u0026psu=JT9HinlaHR0cHM6Ly93d3cuZmxvd2Rvb2R4d24uY29tL2UvS0J5aDBkeHU%2FbHYxPWNkbnZpZGVxLm9yZw\u0026afid=7152448171581440\u0026eclog=0\u0026snc=0\u0026ssc=0\u0026vp=0\u0026pload=1212\u0026rlp=%5B0%2C93%2C246%2C174%2C55811%2C7727%2C719%2C7363%2C1%5D\u0026srw=1280\u0026srh=1024\u0026im=1\u0026noch=1\u0026cs=5\u0026uf=0","fqdn":"driverhugoverblown.com","domain":"driverhugoverblown.com","tld":"com"},"ip":{"addr":"94.242.247.35","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:31.499Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"driverhugoverblown.com","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 14:23:57 GMT","end":"Wed, 21 Jan 2026 14:23:56 GMT"},"fingerprint":{"sha1":"AB:39:B2:8C:70:D6:0B:38:B0:1E:73:99:51:2D:35:30:EA:6B:4A:70","sha256":"86:18:14:14:6C:52:E9:C3:AC:03:AF:10:49:19:37:24:9D:9A:36:E6:1A:05:C8:1C:8E:69:BE:53:1E:CE:6F:65"}}},"request":{"raw":"GET /get/2081141?id=2081141\u0026jp=_clxstvtugktknkzjalpulm\u0026dr=49\u0026cuaa=2\u0026nojs=0\u0026bavar=0\u0026febuild=1.0.637-st\u0026t=0\u0026wcks=1\u0026wgl=1\u0026cnvs=1\u0026os=0\u0026tz=UTC\u0026ss=1\u0026ls=1\u0026bb=0\u0026cti=0\u0026fn=3\u0026es=13\u0026ge=2\u0026th=\u0026pcs=2\u0026plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF\u0026lang=en-US\u0026pf=Win32\u0026cd=24\u0026vcv=Mesa\u0026vcn=llvmpipe\u0026ix=0\u0026x=1280\u0026y=1024\u0026md=0\u0026psu=JT9HinlaHR0cHM6Ly93d3cuZmxvd2Rvb2R4d24uY29tL2UvS0J5aDBkeHU%2FbHYxPWNkbnZpZGVxLm9yZw\u0026afid=7152448171581440\u0026eclog=0\u0026snc=0\u0026ssc=0\u0026vp=0\u0026pload=1212\u0026rlp=%5B0%2C93%2C246%2C174%2C55811%2C7727%2C719%2C7363%2C1%5D\u0026srw=1280\u0026srh=1024\u0026im=1\u0026noch=1\u0026cs=5\u0026uf=0 HTTP/1.1\r\nHost: driverhugoverblown.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nCookie: cart=1; cart_p=2\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 19 Nov 2025 01:25:31 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\nvary: Accept-Encoding\r\nx-route-id: config\r\nset-cookie: UID=25111820256f9fe2551d7c475c87a1c1d0c0; Path=/; Expires=Wed, 23 Dec 2026 01:25:31 GMT; Secure; SameSite=None\nCHCK=1; Path=/; Expires=Wed, 23 Dec 2026 01:25:31 GMT; Secure; SameSite=None\nPTS=; Path=/; Expires=Wed, 23 Dec 2026 01:25:31 GMT; Secure; SameSite=None\r\ncontent-encoding: gzip\r\ntiming-allow-origin: *\r\naccept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3340,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text, with very long lines (3340), with no line terminators","md5":"033b7f14907756666d56f9316cac57d0","sha1":"cbab027c1f852a030b7e8e55fd6c4d93530ebabf","sha256":"bb5ba177b40434f987bfbfdc4f705df116f61aca5e1b310154cebdaf92577294","sha512":"39f2c7fed3b19659fe2eca112d080bad101163b91a31939adfdb3e4dffa9c030891439f04fcb0933f2c5c57ba99a09fbcb032bbf0b125714b2e0da12c803bb2c","ssdeep":"","tlshash":"87615fd5807be0285a4c5d822fbccc90d3d2cc50ae3fb4f1608d9997619d9bdcda12ad","first_seen":"2025-11-19T01:26:03.468159Z","last_seen":"2025-11-19T01:26:03.468159Z","times_seen":1,"resource_available":true,"data":null}},"time_used":68,"timings":{"blocked":47,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.capndr.com/advertising.js","fqdn":"js.capndr.com","domain":"capndr.com","tld":"com"},"ip":{"addr":"45.133.44.53","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:31.125Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"js.capndr.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Oct 2025 02:32:03 GMT","end":"Sun, 11 Jan 2026 02:32:02 GMT"},"fingerprint":{"sha1":"4F:91:E2:5E:A1:B1:4D:7F:49:01:1E:73:C6:07:EB:0A:BE:44:4C:44","sha256":"7B:0D:8E:03:0E:6E:23:65:30:3D:E8:FC:0C:E7:66:46:E2:5B:7F:FA:FD:D2:FF:61:4C:A4:18:08:24:70:51:6B"}}},"request":{"raw":"GET /advertising.js HTTP/1.1\r\nHost: js.capndr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 19 Nov 2025 01:25:31 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 0\r\nserver: nginx/1.18.0\r\nlast-modified: Fri, 14 Jul 2023 08:23:25 GMT\r\netag: \"64b105fd-0\"\r\nexpires: Wed, 19 Nov 2025 01:30:31 GMT\r\ncache-control: max-age=300\r\nx-cdn-host-id: AH1747\r\nx-proxy-cache: HIT\r\naccess-control-allow-origin: *\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":144,"timings":{"blocked":56,"dns":13,"connect":25,"send":0,"wait":21,"receive":1,"ssl":25},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"js.capndr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fp.metricswpsh.com/fp?tag_id=349919","fqdn":"fp.metricswpsh.com","domain":"metricswpsh.com","tld":"com"},"ip":{"addr":"157.90.84.242","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:31.965Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"notification.tubecup.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 11:47:47 GMT","end":"Sun, 08 Feb 2026 11:47:46 GMT"},"fingerprint":{"sha1":"05:1E:63:2F:40:1F:87:C3:0D:F0:42:C7:EA:E8:B1:D8:6F:76:7C:FC","sha256":"1C:13:0E:F6:58:8A:8C:D7:DE:1F:9F:20:D5:17:50:15:02:D5:C8:8E:39:40:68:3F:01:24:F2:73:14:BA:25:0F"}}},"request":{"raw":"POST /fp?tag_id=349919 HTTP/1.1\r\nHost: fp.metricswpsh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json;charset=utf-8\r\nContent-Length: 1970\r\nOrigin: https://www.flowdoodxwn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.20.1\r\nDate: Wed, 19 Nov 2025 01:25:31 GMT\r\nContent-Type: application/json; charset=UTF-8\r\nContent-Length: 60\r\nConnection: keep-alive\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Origin: https://www.flowdoodxwn.com\r\nSet-Cookie: id=12276421194995410132; Expires=Thu, 19 Nov 2026 01:25:31 GMT; Secure; SameSite=None\r\nVary: Origin\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":60,"size_decoded":0,"mime_type":"application/json; charset=UTF-8","magic":"JSON text data","md5":"a53e936f5aed8f51fde120eebf3ec8df","sha1":"306e4810969991f8d2fdff17da714d645675ad51","sha256":"6a1f16f8062843b82cf44375eb852db6710543fe70f67aa6fdd4cd10e6b0cf78","sha512":"044eebb9b90e2fd4370aeea1bc39cbeeb99560f6d850cd4c41af9d637908474326ff4d4b6ecf96a83de60d601274e3330d38387dad508616582fbd9054d7709b","ssdeep":"","tlshash":"24a002e3aac01107a0608310c24718168e487d30f41313400544c743a07a08036d2085","first_seen":"2025-07-26T23:55:29.904633Z","last_seen":"2026-04-05T11:40:12.599635Z","times_seen":968,"resource_available":false,"data":null}},"time_used":253,"timings":{"blocked":-1,"dns":97,"connect":24,"send":0,"wait":25,"receive":0,"ssl":54},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"fp.metricswpsh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.flowdoodxwn.com/assets/main-DtLy6mw--1763461621343.css","fqdn":"www.flowdoodxwn.com","domain":"flowdoodxwn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:27.940Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flowdoodxwn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 26 Sep 2025 05:54:15 GMT","end":"Thu, 25 Dec 2025 06:52:42 GMT"},"fingerprint":{"sha1":"DA:FF:54:36:61:AE:68:21:E0:25:1B:19:C3:0E:A4:0A:E2:B0:A4:3B","sha256":"B5:3A:E4:11:C7:48:60:33:52:05:5C:23:C5:02:28:F2:E4:8A:EC:59:A2:EA:F5:A2:AD:F0:C3:3B:89:22:DE:37"}}},"request":{"raw":"GET /assets/main-DtLy6mw--1763461621343.css HTTP/1.1\r\nHost: www.flowdoodxwn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 19 Nov 2025 01:25:27 GMT\r\ncontent-type: text/css\r\npriority: u=2,i=?0\r\nserver: cloudflare\r\nx-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc\r\ncloudservicediscount: CDN\r\nx-amz-request-id: 0000019A9681D8C1B2D2913A431FFAFB\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 18 Nov 2025 10:27:11 GMT\r\nx-amz-id-2: 36AAAQAAEAABAAAQAAEAABAAAQAAEAABAAAaI=AAAAAAAAAAAAAAAAAAAAAAAAAA\r\nvia: EU-FRA-marseille-EDGE3-CACHE4[2],EU-FRA-marseille-EDGE3-CACHE3[0,TCP_HIT,1],EU-IRL-dublin-GLOBAL1-CACHE12[558],EU-IRL-dublin-GLOBAL1-CACHE4[375,TCP_MISS,557]\r\nx-hcs-proxy-type: 1\r\nx-ccdn-cachettl: 2592000\r\nx-ccdn-req-id-46b1: 4841192a36b2c053201b204b02a36499\r\nnginx-hit: 1\r\nage: 2929\r\nx-ccdn-expires: 2591104\r\naccess-control-expose-headers: *\r\naccess-control-allow-origin: *\r\ncontent-disposition: inline\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8KhcpR6VC8IsdLaFtcYsmaoT1uQOGMvh8dFJGI5hchSYTYzue1fEDpygBoR80HV3Lo176Rj14L47u95aK9LioybI%2FnCNvtD3X0YCTjw5vfx1\"}]}\r\netag: W/\"a71c01f88c1506400d72b3f551f080d0\"\r\ncontent-encoding: br\r\ncf-ray: 9a0be9f17b70568f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":65094,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65093)","md5":"a71c01f88c1506400d72b3f551f080d0","sha1":"1683561edd1663727ffbdd160efd63683dd622b0","sha256":"fa312a0ea1d273f6ac603fbf224ed99a445c73de83f5f41072258fa169362b60","sha512":"9e8837d27dc1577f23fe9875525e1287abefb2d77a27bc7e03ec524c0af9d10f5fb1bef2bd23d33df5b99e704712f6fa5a6d5c30217aafc45d0871df0b700213","ssdeep":"1536:cSMWKbZ2v1/YVP5cgQ5qNsmbHDXEfSCZDfhTwDzfTK2HnO0iyAoP7GitdtmnyWlM:rKbZ2vmVh7Q5qNsmbHDXEfpDfhTwDzf3","tlshash":"dc538421b6174129b833b9e6e5d4ab5e31349d0ec922c7ddf601b52dcece3a5243722e","first_seen":"2025-11-19T01:26:03.472083Z","last_seen":"2025-11-19T01:26:03.472083Z","times_seen":1,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":15,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.lixstreamingcaio.com/v2/s/assets/f?id=3d5084d2-3479-45b1-a1bd-beb6db65766d\u0026uid=1983049288540758018","fqdn":"api.lixstreamingcaio.com","domain":"lixstreamingcaio.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:29.357Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lixstreamingcaio.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 09:33:43 GMT","end":"Wed, 21 Jan 2026 10:32:28 GMT"},"fingerprint":{"sha1":"4B:56:A4:B4:FD:CC:C3:10:87:7C:9D:AF:AA:DD:15:76:A6:A6:24:82","sha256":"47:9F:6B:6B:87:90:3E:BD:D7:80:43:FF:15:2C:13:C1:55:79:08:46:0A:9F:49:69:9F:4A:06:B8:50:C5:B3:3A"}}},"request":{"raw":"OPTIONS /v2/s/assets/f?id=3d5084d2-3479-45b1-a1bd-beb6db65766d\u0026uid=1983049288540758018 HTTP/1.1\r\nHost: api.lixstreamingcaio.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: GET\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://www.flowdoodxwn.com/\r\nOrigin: https://www.flowdoodxwn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 19 Nov 2025 01:25:29 GMT\r\ncontent-length: 0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://www.flowdoodxwn.com\r\naccess-control-allow-methods: OPTIONS,GET,POST,PUT,DELETE\r\naccess-control-allow-headers: content-type\r\naccess-control-expose-headers: X-Error-Code\r\naccess-control-allow-credentials: true\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=i5mWTRTGtf1CqGidm4U9XH79K58%2FBx4sypOJO%2BnWVsTUIBBEDh%2FQVYZwUuqoHF6UdJXWyZaZlYzpCuotOhEICNS6qK1KEqhzLjpz%2FqiO6epFve5e9JM%3D\"}]}\r\ncf-ray: 9a0be9fa7dfd56b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":200,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":200,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bereave.onelinevideo.com/moire/calibre/eclipse","fqdn":"bereave.onelinevideo.com","domain":"onelinevideo.com","tld":"com"},"ip":{"addr":"47.252.7.200","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:29.380Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"bereave.onelinevideo.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Mon, 21 Apr 2025 00:00:00 GMT","end":"Mon, 20 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E0:8E:3E:B2:04:D3:F1:8E:24:9D:86:3A:9E:82:A4:F5:45:3F:D1:AD","sha256":"92:99:82:77:56:12:E5:7A:6F:E4:9E:E1:33:D0:ED:6E:11:A4:AF:65:E4:1A:60:B9:75:F8:9B:59:74:D7:01:8B"}}},"request":{"raw":"POST /moire/calibre/eclipse HTTP/1.1\r\nHost: bereave.onelinevideo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.flowdoodxwn.com/\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 917\r\nOrigin: https://www.flowdoodxwn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 19 Nov 2025 01:25:29 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\ncache-control: no-store\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":38,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with no line terminators","md5":"07167e1f8161444c6d57fc43cacb2442","sha1":"65b597a19145f7dbf192394095058ce18835d638","sha256":"1de8c249867760504b2ff8a9c794fc4432870af2a5133a4f146184f2ffc5a106","sha512":"b0c1af7d4026d5e788ddf9ee7e4e3452d151b0c55c6ecfd611bf48bc805849d55ee4b40b655566ff5b9dd2210aa6da0e0877c7775be0cf248fcdcefdbaa76f6e","ssdeep":"","tlshash":"768004c45dfd711c007dc455150151c75474001404541115131151dcc0c135d11d5514","first_seen":"2025-11-19T01:26:03.474654Z","last_seen":"2025-11-19T01:26:03.474654Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1162,"timings":{"blocked":529,"dns":99,"connect":102,"send":0,"wait":104,"receive":0,"ssl":326},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ads.google.com/","fqdn":"ads.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"142.250.74.142","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:31.602Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"adwords.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:34:53 GMT","end":"Mon, 19 Jan 2026 08:34:52 GMT"},"fingerprint":{"sha1":"18:12:87:2F:99:A4:11:BF:67:C5:75:13:D1:57:4F:07:B4:7D:94:F9","sha256":"1D:BE:1D:48:B0:C4:15:87:B7:22:B0:A0:C6:44:D0:7D:17:2D:C0:FE:0A:FA:A3:50:ED:72:58:40:FD:96:02:56"}}},"request":{"raw":"HEAD / HTTP/1.1\r\nHost: ads.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.flowdoodxwn.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"HEAD"},"response":{"raw":"HTTP/2 429 Too Many Requests\r\ncontent-length: 1103\r\ncontent-type: text/html; charset=UTF-8\r\ndate: Wed, 19 Nov 2025 01:25:32 GMT\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"429","status_text":"Too Many Requests","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":872,"timings":{"blocked":178,"dns":0,"connect":8,"send":0,"wait":513,"receive":0,"ssl":170},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nereserv.com/in/dip?event_id=3328a943-79be-4d37-9805-f51cc2f07eca\u0026subid=1450210302\u0026spot_id=1457063\u0026created_at=2025-11-19\u0026timezone=0\u0026ver=1.170.1","fqdn":"nereserv.com","domain":"nereserv.com","tld":"com"},"ip":{"addr":"167.235.163.216","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:31.756Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"inpage.infrapu.sh","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 02:00:40 GMT","end":"Sat, 24 Jan 2026 02:00:39 GMT"},"fingerprint":{"sha1":"2B:72:A9:3F:14:00:92:B9:05:AC:BC:3B:22:CB:D9:87:80:23:C8:3D","sha256":"60:5B:BA:7E:5F:7A:B1:E0:55:4D:4C:29:EA:C7:21:68:37:AF:03:5B:A7:3D:15:98:F1:65:96:AB:4A:3E:17:3B"}}},"request":{"raw":"GET /in/dip?event_id=3328a943-79be-4d37-9805-f51cc2f07eca\u0026subid=1450210302\u0026spot_id=1457063\u0026created_at=2025-11-19\u0026timezone=0\u0026ver=1.170.1 HTTP/1.1\r\nHost: nereserv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.flowdoodxwn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.20.1\r\ndate: Wed, 19 Nov 2025 01:25:31 GMT\r\ncontent-length: 0\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":316,"timings":{"blocked":145,"dns":60,"connect":26,"send":0,"wait":25,"receive":0,"ssl":56},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-19","alert":"Sinkholed","trigger":"nereserv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-19","alert":"Sinkholed","trigger":"nereserv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-FZ6E2FXG92","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.74.136","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:27.935Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:33:43 GMT","end":"Mon, 19 Jan 2026 08:33:42 GMT"},"fingerprint":{"sha1":"4E:9E:D1:61:E4:7D:C2:8A:B6:AD:D2:31:C7:07:01:E4:DB:A0:A7:A9","sha256":"C5:DD:D4:CA:97:B7:B5:8C:B4:99:E8:56:30:AC:1B:F0:FD:7C:5A:FD:19:ED:13:D0:27:D6:0B:76:C7:C7:A0:66"}}},"request":{"raw":"GET /gtag/js?id=G-FZ6E2FXG92 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Wed, 19 Nov 2025 01:25:28 GMT\r\nexpires: Wed, 19 Nov 2025 01:25:28 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 142942\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":430994,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6031)","md5":"e4ac4d849151d543d000ebc3c4619461","sha1":"eddc7332f6380767f5f0ddc22abc6ad911f4a061","sha256":"92a32abbec0ef0a10c51f6d772aa8393ace100443424e38fcd3c60173639bc80","sha512":"682a1258213ddfb56f508c23f882f65b6b7d9d6f0be826d48142e65985f9082d6bcb01c048f1ae5ce161990ee8f0a5e182e0f6e30e555d71411b4d37d704ab00","ssdeep":"6144:X4J/7a9Xk16LcvOFjJNQRfJR8lubXkndxGbAeYaD8:XOja01jvOFdlubGt","tlshash":"e29419ce73d674265396f078502f018ba57b28a2b45cc89af1c9cde02e74a9a4177f7c","first_seen":"2025-11-19T01:26:03.476459Z","last_seen":"2025-11-19T01:26:03.476459Z","times_seen":1,"resource_available":true,"data":null}},"time_used":287,"timings":{"blocked":82,"dns":1,"connect":23,"send":0,"wait":44,"receive":60,"ssl":73},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.tapioni.com/ip-push.js","fqdn":"cdn.tapioni.com","domain":"tapioni.com","tld":"com"},"ip":{"addr":"104.20.34.46","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:29.391Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.tapioni.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 14:57:20 GMT","end":"Fri, 13 Feb 2026 15:57:18 GMT"},"fingerprint":{"sha1":"80:2D:1E:ED:7E:27:75:C8:26:5C:5A:67:67:AE:0B:64:50:E0:CB:35","sha256":"12:CD:2F:65:36:49:D1:F0:8F:A7:6A:68:FF:9C:96:CC:70:D2:75:FE:A5:51:07:CC:D0:AA:5A:75:18:DC:8D:61"}}},"request":{"raw":"GET /ip-push.js HTTP/1.1\r\nHost: cdn.tapioni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 19 Nov 2025 01:25:29 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 41273\r\nserver: cloudflare\r\nlast-modified: Mon, 10 Nov 2025 10:05:03 GMT\r\nvary: Accept-Encoding\r\netag: \"6911b8cf-a139\"\r\ncontent-encoding: gzip\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\nage: 401768\r\ncf-cache-status: HIT\r\ncf-ray: 9a0be9fb1c49b503-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":134332,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65498), with no line terminators","md5":"3b4d2cef2d654ba5b8451f3274d2eec2","sha1":"bc0ccbcae68a88da5dbf353cd189aead463ddb9d","sha256":"8702933a72df2217e6c61d654f4494fe0b7814c4eed13205b52e6d024559e93d","sha512":"e64660c80c8580f2302fc44f2ee4162682f4ba80896fd60b1d03b2cc67d0c11d0e7bba180d2034baa52cbcd02ae9330e68f021f8fbeb0eaad970ae2e9fc5dafe","ssdeep":"1536:gmQEWeFL35kTTLy8UFV5tl2NuZ8UnbyVqb0IjzYrOpwQ4:XQEWeFWTTLy8mJHZ8mq","tlshash":"efd3628dbbc1b5a106a37064023f540af2b73a54b48fc8c0f669d5e06e7e94f6167e2d","first_seen":"2025-11-10T18:08:30.266138Z","last_seen":"2025-11-25T01:12:43.431593Z","times_seen":87,"resource_available":true,"data":null}},"time_used":137,"timings":{"blocked":62,"dns":38,"connect":1,"send":0,"wait":10,"receive":2,"ssl":20},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"cdn.tapioni.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bvtpk.com/tag.min.js","fqdn":"bvtpk.com","domain":"bvtpk.com","tld":"com"},"ip":{"addr":"104.21.5.190","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:30.615Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bvtpk.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 20:07:09 GMT","end":"Thu, 05 Feb 2026 21:05:30 GMT"},"fingerprint":{"sha1":"D2:20:C9:EE:4B:2D:3A:82:43:E2:14:9E:C3:25:30:01:9F:8F:BB:C3","sha256":"D2:57:0B:6C:75:32:2D:6D:C0:F7:1B:32:FC:56:BA:06:7F:64:4B:FC:95:E2:29:A1:4F:59:5C:DD:D3:8D:37:7B"}}},"request":{"raw":"GET /tag.min.js HTTP/1.1\r\nHost: bvtpk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 19 Nov 2025 01:25:30 GMT\r\ncontent-type: application/javascript\r\nvary: accept-encoding\r\npriority: u=3,i=?0\r\nx-trace-id: 75c02fea947885ed76e8e3545b6fc3d8\r\ncache-control: public, max-age=600, s-maxage=1800\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\ntiming-allow-origin: *\r\ncontent-encoding: gzip\r\nage: 1626\r\ncf-cache-status: HIT\r\nlast-modified: Wed, 19 Nov 2025 00:58:24 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=haKslyillEbkgwXwHXrBni0TnN4SKmuIPdjug2kodMIdEMwvyqp4juWnE2NTihr66EMs60VR1ZCVyY%2BSOogEBcH1IaIvPxY%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a0bea024d3b568b-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":110317,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"092e2b349877bc9c386e836f29be1bd4","sha1":"fd0f42f7d52a8572916b03f91b6963dbc62287c6","sha256":"1f282bb3aecc3d11cf728f24052d5d575b0a24f1fa51d8570b0297213e58ea2f","sha512":"d0a3dc8ebac3a45be66824978435912ea0c89cc12bc918e1b920ae0b3607ec95701f9726c24af6364bb2c256c099881bebf47bf3c2c518e62be0ba76922512a1","ssdeep":"1536:TX3SvSfBAcXOXtDRQ++LNfU4IICZx6v8HN0SDhfkwdB7U4jMlDHQjN7Tc5tXQMS:TXC6J0xRV+LmdIOxP0SNzjN7Tc5tgZ","tlshash":"32b32bd672667469126e90244597ec0db5be8c80048d8db8f0e5fc722d74b22e3f7be9","first_seen":"2025-11-18T15:54:58.895631Z","last_seen":"2025-11-19T05:50:11.586994Z","times_seen":14,"resource_available":true,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bvtpk.com/tag.min.js","fqdn":"bvtpk.com","domain":"bvtpk.com","tld":"com"},"ip":{"addr":"104.21.5.190","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:28.283Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bvtpk.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 07 Nov 2025 20:07:09 GMT","end":"Thu, 05 Feb 2026 21:05:30 GMT"},"fingerprint":{"sha1":"D2:20:C9:EE:4B:2D:3A:82:43:E2:14:9E:C3:25:30:01:9F:8F:BB:C3","sha256":"D2:57:0B:6C:75:32:2D:6D:C0:F7:1B:32:FC:56:BA:06:7F:64:4B:FC:95:E2:29:A1:4F:59:5C:DD:D3:8D:37:7B"}}},"request":{"raw":"GET /tag.min.js HTTP/1.1\r\nHost: bvtpk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 19 Nov 2025 01:25:28 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nx-trace-id: 75c02fea947885ed76e8e3545b6fc3d8\r\ncache-control: public, max-age=600, s-maxage=1800\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\ntiming-allow-origin: *\r\ncontent-encoding: gzip\r\nage: 1623\r\ncf-cache-status: HIT\r\nlast-modified: Wed, 19 Nov 2025 00:58:24 GMT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2yIfzEHDSWnkGnHiwJoMbn3k2B%2BmtX3D2%2F4tRG0u5y9vda1vtruNKvU5WpYiPNN8q%2F1kO2Oe6rHPBI9GNTeeI7gtLtJARouD7w%3D%3D\"}]}\r\ncf-ray: 9a0be9f41ecb1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":110317,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"092e2b349877bc9c386e836f29be1bd4","sha1":"fd0f42f7d52a8572916b03f91b6963dbc62287c6","sha256":"1f282bb3aecc3d11cf728f24052d5d575b0a24f1fa51d8570b0297213e58ea2f","sha512":"d0a3dc8ebac3a45be66824978435912ea0c89cc12bc918e1b920ae0b3607ec95701f9726c24af6364bb2c256c099881bebf47bf3c2c518e62be0ba76922512a1","ssdeep":"1536:TX3SvSfBAcXOXtDRQ++LNfU4IICZx6v8HN0SDhfkwdB7U4jMlDHQjN7Tc5tXQMS:TXC6J0xRV+LmdIOxP0SNzjN7Tc5tgZ","tlshash":"32b32bd672667469126e90244597ec0db5be8c80048d8db8f0e5fc722d74b22e3f7be9","first_seen":"2025-11-18T15:54:58.895631Z","last_seen":"2025-11-19T05:50:11.586994Z","times_seen":14,"resource_available":true,"data":null}},"time_used":114,"timings":{"blocked":54,"dns":22,"connect":1,"send":0,"wait":5,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/postscribe/2.0.8/postscribe.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:29.665Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 20:49:06 GMT","end":"Fri, 13 Feb 2026 21:49:04 GMT"},"fingerprint":{"sha1":"9A:71:C8:6F:E2:4B:9A:91:7D:C8:4A:1D:79:98:2F:97:C1:85:D8:79","sha256":"4E:C5:BB:7A:81:A0:D9:00:73:8D:D5:57:59:3D:A0:C3:D3:BE:62:18:4E:6F:6D:98:DA:F0:90:94:5E:E0:0B:63"}}},"request":{"raw":"GET /ajax/libs/postscribe/2.0.8/postscribe.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 19 Nov 2025 01:25:29 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 5117\r\ncf-ray: 9a0be9fc8abe1a30-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb03faa-45f4\"\r\nlast-modified: Mon, 04 May 2020 16:15:38 GMT\r\ncf-cdnjs-via: cfworker/kv\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 88418\r\nexpires: Mon, 09 Nov 2026 01:25:29 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=BAJa1qSINSCNv%2BtFKnEpnZGQCpiWajCIRFIkXoQH1aC7w9bLBqxOO72K%2FxZle9gNpZOqIm%2FsyKbKmy8fWY4h4V3oGIAhCWyi0MAV0c903%2BiCol3pT75PH81HnFB7XgBtPPAlN51x\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":17908,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (17660)","md5":"12dd498bf90c536803c2aad708b66c2b","sha1":"5f9363d39a405d1c94328cf2303ff4a05c0ad163","sha256":"c4e20f53f5ef0ed44b783437aa3f4638a9a56cc4aa29ae83ed9212eb2807052a","sha512":"ec593a501ebf74c092e564a1aaf0b477d3da6813c9a88f29d0d2a0db8143bdf19718ba4e6b13f64295b077ca5cb9c13460c30f9f2f35982a82597b22f79ffdd1","ssdeep":"192:l3GySZoj5oOg8pu564aEzn5nVMnyk3sBakk3cx7x0IlQV0Hf1b5SwU+ahpfex/W9:lWytjU64auV0ISjyW5RAe","tlshash":"6f82b38cb295f0b553d710b5403f910fe2366928654ec4d8f288d5ea2c7899d663bf3d","first_seen":"2023-03-07T01:02:54Z","last_seen":"2026-04-05T10:26:25.820991Z","times_seen":7030,"resource_available":true,"data":null}},"time_used":49,"timings":{"blocked":17,"dns":4,"connect":1,"send":0,"wait":11,"receive":1,"ssl":13},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.capndr.com/popunder-admanager/build.m.js","fqdn":"js.capndr.com","domain":"capndr.com","tld":"com"},"ip":{"addr":"45.133.44.53","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:31.692Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"js.capndr.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 13 Oct 2025 02:32:03 GMT","end":"Sun, 11 Jan 2026 02:32:02 GMT"},"fingerprint":{"sha1":"4F:91:E2:5E:A1:B1:4D:7F:49:01:1E:73:C6:07:EB:0A:BE:44:4C:44","sha256":"7B:0D:8E:03:0E:6E:23:65:30:3D:E8:FC:0C:E7:66:46:E2:5B:7F:FA:FD:D2:FF:61:4C:A4:18:08:24:70:51:6B"}}},"request":{"raw":"GET /popunder-admanager/build.m.js HTTP/1.1\r\nHost: js.capndr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 19 Nov 2025 01:25:31 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: nginx/1.18.0\r\nlast-modified: Mon, 10 Nov 2025 11:57:34 GMT\r\netag: W/\"6911d32e-1747d\"\r\ncontent-encoding: gzip\r\nexpires: Wed, 19 Nov 2025 01:30:31 GMT\r\ncache-control: max-age=300\r\nx-cdn-host-id: AH1747\r\nx-proxy-cache: HIT\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":95357,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"9fcd0ce6da93385c2aae7faae9ee533d","sha1":"4e81cc0eb5a5e4a80ac043722254a206a2467d21","sha256":"044cbb4a44b387749d187da88b0888e8ff2da383ca1bf3bf8390752a90aa322d","sha512":"877349afc430e39cd8267d0f2c544022abd64568136237d5f8ba8aa0bf90138755fad1b45c30e34e530f757291b27924da67f4f040146f5c75b06aa012ff52b8","ssdeep":"768:ubVWcprcLsdOKo/+PDPfVal3ATlP8JnU2qbJ/XSURcq3TG9sh8sf2x22Zf4dsU9w:WkmOK1Nh8J0/tddEf","tlshash":"899318cdb7d2b07043b765ba902f151ab33f2a09b809441cf969d9d138ad84e9327f79","first_seen":"2025-11-10T18:08:30.272513Z","last_seen":"2026-03-28T06:35:34.362837Z","times_seen":308,"resource_available":true,"data":null}},"time_used":24,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"js.capndr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ntvpforever.com/keywords","fqdn":"ntvpforever.com","domain":"ntvpforever.com","tld":"com"},"ip":{"addr":"167.235.163.216","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:31.913Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"inpage.infrapu.sh","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 02:00:40 GMT","end":"Sat, 24 Jan 2026 02:00:39 GMT"},"fingerprint":{"sha1":"2B:72:A9:3F:14:00:92:B9:05:AC:BC:3B:22:CB:D9:87:80:23:C8:3D","sha256":"60:5B:BA:7E:5F:7A:B1:E0:55:4D:4C:29:EA:C7:21:68:37:AF:03:5B:A7:3D:15:98:F1:65:96:AB:4A:3E:17:3B"}}},"request":{"raw":"POST /keywords HTTP/1.1\r\nHost: ntvpforever.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json;charset=utf-8\r\nContent-Length: 85\r\nOrigin: https://www.flowdoodxwn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.20.1\r\ndate: Wed, 19 Nov 2025 01:25:31 GMT\r\ncontent-type: application/json\r\ncontent-length: 15\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":15,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"32323194b8b07fd0aa9b6f7fc79a7b30","sha1":"ea248c45722bff267b55a453dc794bc42171cef6","sha256":"080040b4937f3f423f32cd7f19b2a79ba1e1e213f1d9f4f4db4f609d4ad778d8","sha512":"e6b7cefe758be1e47a28ed8fc319cd61814e942838f0f65a26e629f0af39fae2547bece75c020c0cad5294b741a20911757b43b493dea2d3b109e4cf3ae3e9a3","ssdeep":"","tlshash":"9d600008200a08020880a000a20082002000a002002008282880008083002000888800","first_seen":"2023-09-22T06:12:14Z","last_seen":"2026-04-05T06:16:50.406003Z","times_seen":2250,"resource_available":false,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nereserv.com/in/dip?event_id=3328a943-79be-4d37-9805-f51cc2f07eca\u0026subid=1450210302\u0026spot_id=1457063\u0026created_at=2025-11-19\u0026timezone=0\u0026ver=1.170.1","fqdn":"nereserv.com","domain":"nereserv.com","tld":"com"},"ip":{"addr":"167.235.163.216","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:32.407Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"inpage.infrapu.sh","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 02:00:40 GMT","end":"Sat, 24 Jan 2026 02:00:39 GMT"},"fingerprint":{"sha1":"2B:72:A9:3F:14:00:92:B9:05:AC:BC:3B:22:CB:D9:87:80:23:C8:3D","sha256":"60:5B:BA:7E:5F:7A:B1:E0:55:4D:4C:29:EA:C7:21:68:37:AF:03:5B:A7:3D:15:98:F1:65:96:AB:4A:3E:17:3B"}}},"request":{"raw":"GET /in/dip?event_id=3328a943-79be-4d37-9805-f51cc2f07eca\u0026subid=1450210302\u0026spot_id=1457063\u0026created_at=2025-11-19\u0026timezone=0\u0026ver=1.170.1 HTTP/1.1\r\nHost: nereserv.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.flowdoodxwn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.20.1\r\ndate: Wed, 19 Nov 2025 01:25:32 GMT\r\ncontent-length: 0\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":26,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-11-19","alert":"Sinkholed","trigger":"nereserv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-19","alert":"Sinkholed","trigger":"nereserv.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.tapioni.com/vast-im.js","fqdn":"cdn.tapioni.com","domain":"tapioni.com","tld":"com"},"ip":{"addr":"104.20.34.46","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:29.392Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.tapioni.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 14:57:20 GMT","end":"Fri, 13 Feb 2026 15:57:18 GMT"},"fingerprint":{"sha1":"80:2D:1E:ED:7E:27:75:C8:26:5C:5A:67:67:AE:0B:64:50:E0:CB:35","sha256":"12:CD:2F:65:36:49:D1:F0:8F:A7:6A:68:FF:9C:96:CC:70:D2:75:FE:A5:51:07:CC:D0:AA:5A:75:18:DC:8D:61"}}},"request":{"raw":"GET /vast-im.js HTTP/1.1\r\nHost: cdn.tapioni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 19 Nov 2025 01:25:29 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 88978\r\nserver: cloudflare\r\nlast-modified: Mon, 10 Nov 2025 10:05:03 GMT\r\nvary: Accept-Encoding\r\netag: \"6911b8cf-15b92\"\r\ncontent-encoding: gzip\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\nage: 401836\r\ncf-cache-status: HIT\r\ncf-ray: 9a0be9fb1c4ab503-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":315377,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65503), with no line terminators","md5":"ef71e3a5fcdca2418129fff7f4e54e50","sha1":"10aee0abfddbfb0a11737088d393d5fe88ba24c0","sha256":"d685cc4df641365217ddcc69a3efcf9a6ad8b1535125dffd0a9df95bc0f46882","sha512":"a4951a72b5fef052521f78900f47c405563dfcb8c729a66c638eefb675dc50f2175433308dd2228118ff250944954d65abbc5a8b7f067937d922be440aa3007f","ssdeep":"3072:StY4dFHJC/KyWM8exrt9pGW18MHy3rxXqkPj92La7/rK/cJs83h3f2g:IdFg/KBeNt9j6JEkPj9iB/cy83h3fP","tlshash":"3a64a3c9b6c6b0a543e7b0b8403f520ef276a955b44ac9c0e266e9d1ac7c94e5037f7c","first_seen":"2025-11-10T18:08:30.221651Z","last_seen":"2025-11-25T08:32:30.006114Z","times_seen":106,"resource_available":true,"data":null}},"time_used":133,"timings":{"blocked":62,"dns":37,"connect":1,"send":0,"wait":4,"receive":4,"ssl":18},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"cdn.tapioni.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.flowdoodxwn.com/assets/main-BvvAt3kL-1763461621343.js","fqdn":"www.flowdoodxwn.com","domain":"flowdoodxwn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:27.937Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flowdoodxwn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 26 Sep 2025 05:54:15 GMT","end":"Thu, 25 Dec 2025 06:52:42 GMT"},"fingerprint":{"sha1":"DA:FF:54:36:61:AE:68:21:E0:25:1B:19:C3:0E:A4:0A:E2:B0:A4:3B","sha256":"B5:3A:E4:11:C7:48:60:33:52:05:5C:23:C5:02:28:F2:E4:8A:EC:59:A2:EA:F5:A2:AD:F0:C3:3B:89:22:DE:37"}}},"request":{"raw":"GET /assets/main-BvvAt3kL-1763461621343.js HTTP/1.1\r\nHost: www.flowdoodxwn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 19 Nov 2025 01:25:27 GMT\r\ncontent-type: application/x-javascript\r\npriority: u=3,i=?0\r\nserver: cloudflare\r\nx-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc\r\ncloudservicediscount: CDN\r\nx-amz-request-id: 0000019A9681FB6DB2D28F695582D095\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 18 Nov 2025 10:27:11 GMT\r\nx-amz-id-2: 36AAAQAAEAABAAAQAAEAABAAAQAAEAABAAAaI=AAAAAAAAAAAAAAAAAAAAAAAAAA\r\nx-ccdn-expires: 2591176\r\nvia: EU-FRA-marseille-EDGE3-CACHE15[3],EU-FRA-marseille-EDGE3-CACHE8[0,TCP_HIT,2],EU-IRL-dublin-GLOBAL1-CACHE17[6],EU-IRL-dublin-GLOBAL1-CACHE1[0,TCP_HIT,4]\r\nx-hcs-proxy-type: 1\r\nx-ccdn-cachettl: 2592000\r\nx-ccdn-req-id-46b1: 43becc192f66df493511f81b7b9a638f\r\nnginx-hit: 1\r\nage: 2929\r\naccess-control-expose-headers: *\r\naccess-control-allow-origin: *\r\ncontent-disposition: inline\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=rBz%2FLKz9Z5PD1Es6i85KnkSlkUOWwr4SHPY7qGhbKDgWzYUy%2Fhvnw7B9r%2BImFWEoCmNoUwonVEyZxhoonp8qOaY0Vc7XdpwmScqH82wywPRp\"}]}\r\netag: W/\"75ded8a23bdc488464ca89276cec9deb\"\r\ncontent-encoding: br\r\ncf-ray: 9a0be9f17b6d568f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":103773,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (14304)","md5":"75ded8a23bdc488464ca89276cec9deb","sha1":"012ff67627ed4fb7c50033da6580270b435b4da1","sha256":"d2297cc166449287ab82daf7794d8f1fc57cb90c5e0f0f5aac465e1704357d7a","sha512":"399dd1e4852765dd467b01f5579edff609922a6a0b56b052c8c12202c57e9c783991ee4d7bf2b32b35a71215845818d1f9740d8198e9487f09306fa32e8b0ec2","ssdeep":"1536:EpR1KKXrrBFfGYkBvaW/a3CaHHq4FfYuFlrThZzY5Bxev7rIX7/ukoKFCFvo4N9q:EpTZZFfGYgHQHwqlZDkohsCGe0B","tlshash":"8aa38eed612d8e3dfc5609c1787a9534b828366af928c8c1f0bd3c025b94d8459ab7de","first_seen":"2025-11-19T01:26:03.483122Z","last_seen":"2025-11-19T01:26:03.483122Z","times_seen":1,"resource_available":true,"data":null}},"time_used":24,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":16,"receive":8,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"driverhugoverblown.com/solid.gif?z=2081141\u0026nojs=0\u0026bavar=0\u0026febuild=1.0.637-st\u0026t=0\u0026wcks=1\u0026wgl=1\u0026cnvs=1\u0026os=0\u0026tz=UTC\u0026ss=1\u0026ls=1\u0026bb=0\u0026cti=0\u0026fn=3\u0026es=13\u0026ge=2\u0026th=\u0026pcs=2\u0026plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF\u0026lang=en-US\u0026pf=Win32\u0026cd=24\u0026vcv=Mesa\u0026vcn=llvmpipe\u0026ix=0\u0026x=1280\u0026y=1024\u0026md=0\u0026psu=JT9HinlaHR0cHM6Ly93d3cuZmxvd2Rvb2R4d24uY29tL2UvS0J5aDBkeHU%2FbHYxPWNkbnZpZGVxLm9yZw\u0026afid=7152448171581440\u0026eclog=0\u0026snc=0\u0026ssc=0\u0026vp=0\u0026pload=1212\u0026rlp=%5B0%2C93%2C246%2C174%2C55811%2C7727%2C719%2C7363%2C1%5D\u0026srw=1280\u0026srh=1024\u0026im=1\u0026noch=1\u0026cs=5","fqdn":"driverhugoverblown.com","domain":"driverhugoverblown.com","tld":"com"},"ip":{"addr":"94.242.247.35","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:31.491Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"driverhugoverblown.com","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 14:23:57 GMT","end":"Wed, 21 Jan 2026 14:23:56 GMT"},"fingerprint":{"sha1":"AB:39:B2:8C:70:D6:0B:38:B0:1E:73:99:51:2D:35:30:EA:6B:4A:70","sha256":"86:18:14:14:6C:52:E9:C3:AC:03:AF:10:49:19:37:24:9D:9A:36:E6:1A:05:C8:1C:8E:69:BE:53:1E:CE:6F:65"}}},"request":{"raw":"POST /solid.gif?z=2081141\u0026nojs=0\u0026bavar=0\u0026febuild=1.0.637-st\u0026t=0\u0026wcks=1\u0026wgl=1\u0026cnvs=1\u0026os=0\u0026tz=UTC\u0026ss=1\u0026ls=1\u0026bb=0\u0026cti=0\u0026fn=3\u0026es=13\u0026ge=2\u0026th=\u0026pcs=2\u0026plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF\u0026lang=en-US\u0026pf=Win32\u0026cd=24\u0026vcv=Mesa\u0026vcn=llvmpipe\u0026ix=0\u0026x=1280\u0026y=1024\u0026md=0\u0026psu=JT9HinlaHR0cHM6Ly93d3cuZmxvd2Rvb2R4d24uY29tL2UvS0J5aDBkeHU%2FbHYxPWNkbnZpZGVxLm9yZw\u0026afid=7152448171581440\u0026eclog=0\u0026snc=0\u0026ssc=0\u0026vp=0\u0026pload=1212\u0026rlp=%5B0%2C93%2C246%2C174%2C55811%2C7727%2C719%2C7363%2C1%5D\u0026srw=1280\u0026srh=1024\u0026im=1\u0026noch=1\u0026cs=5 HTTP/1.1\r\nHost: driverhugoverblown.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.flowdoodxwn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nCookie: cart=1; cart_p=2\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 19 Nov 2025 01:25:31 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nx-route-id: stats.tag.loaded\r\nset-cookie: CHCK=1; Path=/; Expires=Wed, 23 Dec 2026 01:25:31 GMT; Secure; SameSite=None\nPTS=; Path=/; Expires=Wed, 23 Dec 2026 01:25:31 GMT; Secure; SameSite=None\nUID=2511182025603553a1273240549853c2b52d; Path=/; Expires=Wed, 23 Dec 2026 01:25:31 GMT; Secure; SameSite=None\r\ntiming-allow-origin: *\r\naccept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"28e463819a210071de3b45ebe7633613","sha1":"6dccd571828ec0912629119cf7eabfea9f33ddbc","sha256":"44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84","sha512":"8a82ac5a7883cd9b74bdb561cf825ce86474e259ad8c445e538d697b0003e3f2b1d6edcd3dc6512f4ad16e9074da204a79938257c457ecf68f4329eac0182e67","ssdeep":"","tlshash":"04900003e280e082c3a0c0300e0ccb802b88a2308a28030fb0fc2baefc3a3a20c23000","first_seen":"2023-04-05T09:26:54Z","last_seen":"2026-04-05T11:28:19.18957Z","times_seen":20482,"resource_available":false,"data":null}},"time_used":73,"timings":{"blocked":55,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fp.metricswpsh.com/fp?tag_id=349919","fqdn":"fp.metricswpsh.com","domain":"metricswpsh.com","tld":"com"},"ip":{"addr":"157.90.84.242","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:31.693Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"notification.tubecup.net","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 11:47:47 GMT","end":"Sun, 08 Feb 2026 11:47:46 GMT"},"fingerprint":{"sha1":"05:1E:63:2F:40:1F:87:C3:0D:F0:42:C7:EA:E8:B1:D8:6F:76:7C:FC","sha256":"1C:13:0E:F6:58:8A:8C:D7:DE:1F:9F:20:D5:17:50:15:02:D5:C8:8E:39:40:68:3F:01:24:F2:73:14:BA:25:0F"}}},"request":{"raw":"OPTIONS /fp?tag_id=349919 HTTP/1.1\r\nHost: fp.metricswpsh.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://www.flowdoodxwn.com/\r\nOrigin: https://www.flowdoodxwn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/1.1 204 No Content\r\nServer: nginx/1.20.1\r\nDate: Wed, 19 Nov 2025 01:25:31 GMT\r\nConnection: keep-alive\r\nAccess-Control-Allow-Credentials: true\r\nAccess-Control-Allow-Headers: content-type\r\nAccess-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE\r\nAccess-Control-Allow-Origin: https://www.flowdoodxwn.com\r\nVary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":368,"timings":{"blocked":171,"dns":94,"connect":24,"send":0,"wait":25,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"fp.metricswpsh.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a.labadena.com/api/spots/494334?s1=1983049288540758018\u0026fs1=1\u0026i=1\u0026url=https%3A%2F%2Fwww.flowdoodxwn.com%2Fe%2FKByh0dxu%3Flv1%3Dcdnvideq.org\u0026sid=0cdb534f-5a5a-4683-ba27-078c4686b2ad","fqdn":"a.labadena.com","domain":"labadena.com","tld":"com"},"ip":{"addr":"37.27.230.125","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Finland","country_code":"FI"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:29.544Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a.labadena.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 06 Nov 2025 23:28:43 GMT","end":"Wed, 04 Feb 2026 23:28:42 GMT"},"fingerprint":{"sha1":"66:4E:04:65:51:00:00:6F:45:5C:CD:BC:6C:DD:60:70:78:C4:D0:F8","sha256":"57:1A:C5:4F:7F:E6:61:6B:64:F0:82:6B:5F:1D:34:EC:2B:4C:B2:39:E0:5B:C9:DE:A4:CA:BD:76:ED:3E:9A:61"}}},"request":{"raw":"GET /api/spots/494334?s1=1983049288540758018\u0026fs1=1\u0026i=1\u0026url=https%3A%2F%2Fwww.flowdoodxwn.com%2Fe%2FKByh0dxu%3Flv1%3Dcdnvideq.org\u0026sid=0cdb534f-5a5a-4683-ba27-078c4686b2ad HTTP/1.1\r\nHost: a.labadena.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 19 Nov 2025 01:25:29 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\nvary: Accept-Encoding\r\nset-cookie: nauid=phqLjIR5yKplhhP7z9KV; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None\r\nx-robots-tag: noindex, nofollow\r\ncache-control: private\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":2572,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text, with very long lines (2071)","md5":"62905b1c928699522e177e794796c3f2","sha1":"cf57b09fc747a14cc675262ba6dca85735192a7b","sha256":"6bc17fd21eeecb9b890e4971e29a17737cf57f2bbf026f3b08e769e50cb1c60d","sha512":"0a31eef0991a2048952f4faa6bd423b274022e870b9258cc39db9b3dbe94d0c8e5d9554b08a75bc63ddc7de6b0e38caa45e92683abcf79f1d444a75f5873edb8","ssdeep":"","tlshash":"5c517584d6e86217f62710b0dd7acb9f655ea24192194075eef726a9c3cc64c06712ca","first_seen":"2025-11-19T01:26:03.487885Z","last_seen":"2025-11-19T01:26:03.487885Z","times_seen":1,"resource_available":true,"data":null}},"time_used":148,"timings":{"blocked":67,"dns":7,"connect":26,"send":0,"wait":14,"receive":0,"ssl":31},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"a.labadena.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.lixstreamingcaio.com/v1/user/gray/rules/check","fqdn":"api.lixstreamingcaio.com","domain":"lixstreamingcaio.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:29.404Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lixstreamingcaio.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 09:33:43 GMT","end":"Wed, 21 Jan 2026 10:32:28 GMT"},"fingerprint":{"sha1":"4B:56:A4:B4:FD:CC:C3:10:87:7C:9D:AF:AA:DD:15:76:A6:A6:24:82","sha256":"47:9F:6B:6B:87:90:3E:BD:D7:80:43:FF:15:2C:13:C1:55:79:08:46:0A:9F:49:69:9F:4A:06:B8:50:C5:B3:3A"}}},"request":{"raw":"OPTIONS /v1/user/gray/rules/check HTTP/1.1\r\nHost: api.lixstreamingcaio.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://www.flowdoodxwn.com/\r\nOrigin: https://www.flowdoodxwn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 19 Nov 2025 01:25:30 GMT\r\ncontent-length: 0\r\npriority: u=4,i=?0\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://www.flowdoodxwn.com\r\naccess-control-allow-methods: OPTIONS,GET,POST,PUT,DELETE\r\naccess-control-allow-headers: content-type\r\naccess-control-expose-headers: X-Error-Code\r\naccess-control-allow-credentials: true\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2%2FM0zYmZyrveEv2J%2F8slGJ9PhgymIJGJmwM2tVYbnM3VP6s2h0V9f0sZAw7sTJg3UEi3UwE5Xa5DOMJbuV8GspC3zbrQh0xc2y0Q83hRYEviRvhBU6s0YQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a0be9facd6032fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":831,"timings":{"blocked":0,"dns":1,"connect":0,"send":0,"wait":830,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"driverhugoverblown.com/check.html","fqdn":"driverhugoverblown.com","domain":"driverhugoverblown.com","tld":"com"},"ip":{"addr":"94.242.247.35","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:31.012Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"driverhugoverblown.com","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 14:23:57 GMT","end":"Wed, 21 Jan 2026 14:23:56 GMT"},"fingerprint":{"sha1":"AB:39:B2:8C:70:D6:0B:38:B0:1E:73:99:51:2D:35:30:EA:6B:4A:70","sha256":"86:18:14:14:6C:52:E9:C3:AC:03:AF:10:49:19:37:24:9D:9A:36:E6:1A:05:C8:1C:8E:69:BE:53:1E:CE:6F:65"}}},"request":{"raw":"GET /check.html HTTP/1.1\r\nHost: driverhugoverblown.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 19 Nov 2025 01:25:30 GMT\r\ncontent-type: text/html; charset=utf-8\r\nlast-modified: Thu, 23 Oct 2025 09:18:01 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68f9f2c9-39e\"\r\nx-js-ab: current\r\ntiming-allow-origin: *\r\naccept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":926,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"088dba8e97eede53134c93219f7ebbae","sha1":"adb707654d1fe0af7d0d7a9f55660d22bd3625e4","sha256":"6da0120b4c7bc45b63fcbb87595c3c1ea2cdca482b0c48d4d2ab434f9e897aff","sha512":"23a1f87731e8aee4658993cd1ce35ec179fea80b89bf52aca7634488f1bdfcf88b9cabca4859481357a9fee06cbb49df64bbe0878b1dae0e5df4fa34003c6d80","ssdeep":"","tlshash":"6211d04934e1684c1127a6301597a2183c32a40315cbd949fb9cd7301f815a7dc596df","first_seen":"2024-11-22T16:59:41.974716Z","last_seen":"2026-03-04T10:11:28.020186Z","times_seen":13721,"resource_available":true,"data":null}},"time_used":17,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":17,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bereave.onelinevideo.com/moire/calibre/eclipse","fqdn":"bereave.onelinevideo.com","domain":"onelinevideo.com","tld":"com"},"ip":{"addr":"47.252.7.200","port":443,"asn":45102,"as":"Alibaba US Technology Co., Ltd.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:29.374Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"bereave.onelinevideo.com","organization":""},"issuer":{"commonName":"Encryption Everywhere DV TLS CA - G2","organization":"DigiCert Inc"},"validity":{"start":"Mon, 21 Apr 2025 00:00:00 GMT","end":"Mon, 20 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E0:8E:3E:B2:04:D3:F1:8E:24:9D:86:3A:9E:82:A4:F5:45:3F:D1:AD","sha256":"92:99:82:77:56:12:E5:7A:6F:E4:9E:E1:33:D0:ED:6E:11:A4:AF:65:E4:1A:60:B9:75:F8:9B:59:74:D7:01:8B"}}},"request":{"raw":"POST /moire/calibre/eclipse HTTP/1.1\r\nHost: bereave.onelinevideo.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.flowdoodxwn.com/\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 932\r\nOrigin: https://www.flowdoodxwn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 19 Nov 2025 01:25:29 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\ncache-control: no-store\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":38,"size_decoded":0,"mime_type":"application/json","magic":"ASCII text, with no line terminators","md5":"a1786c0f1cd68cf2295dd37001b1e819","sha1":"df5a4f212f55afac739745acc6f19debd1743af4","sha256":"6ac1641d72977cea6f9911a8a6747cae50044e46d271b128804fec274a8fec2f","sha512":"b079511f42cad4d91c35cbdf77ffce641cd2332132ab5d0f35f08051cb842dff5c7cc2a24218dee3f1e6b68e3908d8f88d57ff52a86c5c14528cc7925fa343d6","ssdeep":"","tlshash":"c68004d150d4c0f0140101fc7410d501df0403d104054453d704cc535313570c114147","first_seen":"2025-11-19T01:26:03.491522Z","last_seen":"2025-11-19T01:26:03.491522Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1176,"timings":{"blocked":537,"dns":105,"connect":114,"send":0,"wait":103,"receive":0,"ssl":315},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.tapioni.com/asg_embed.js","fqdn":"cdn.tapioni.com","domain":"tapioni.com","tld":"com"},"ip":{"addr":"104.20.34.46","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:30.627Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.tapioni.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 14:57:20 GMT","end":"Fri, 13 Feb 2026 15:57:18 GMT"},"fingerprint":{"sha1":"80:2D:1E:ED:7E:27:75:C8:26:5C:5A:67:67:AE:0B:64:50:E0:CB:35","sha256":"12:CD:2F:65:36:49:D1:F0:8F:A7:6A:68:FF:9C:96:CC:70:D2:75:FE:A5:51:07:CC:D0:AA:5A:75:18:DC:8D:61"}}},"request":{"raw":"GET /asg_embed.js HTTP/1.1\r\nHost: cdn.tapioni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 19 Nov 2025 01:25:30 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 76922\r\nserver: cloudflare\r\nlast-modified: Mon, 10 Nov 2025 10:05:03 GMT\r\nvary: Accept-Encoding\r\netag: \"6911b8cf-12c7a\"\r\ncontent-encoding: gzip\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\nage: 604\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\ncf-ray: 9a0bea026e0fb503-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":244907,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65503), with no line terminators","md5":"fe439ed2222d8c3e4eed412da17055c3","sha1":"27808772b3210cd7fbe67dfd71ee3c0a8fa5e20c","sha256":"d9e6d2d5de74e5ef74575e3fb2ed9679c30625de9dc24551959dcb9c70064f50","sha512":"21baa7d660683e476d1d8d80b473aeaa709dcbd5a058ef8c0de1b17adc6dc477dd029ee2136b2dc9dfbd4434e1c49f133d9b83882f45207f5b1864b1ce547cd0","ssdeep":"6144:cGdO0Ur4i8d+5csa6tZylzd+2TG5vH2aj0gpt9RO+JgtOrgfAs28wzxordsQmwZ9:srOd+OYREP","tlshash":"4334a689b6c1b0a403e3a1f4016f551af277b904744ec5c2f729d9d1aeb9a0e5a27f3c","first_seen":"2025-11-10T10:16:11.775638Z","last_seen":"2025-11-25T12:42:17.612638Z","times_seen":150,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"cdn.tapioni.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"accuratephrase.com/Yt2ux.pvZ-Wx5y0zZAG_FC0DYETF9-yHcImJlKk_PMTNhOkPN-2RFShTMUz_cW0XYYWZU-2bZcjdce1_Ng2hFiijZ-mlYm0nMom_NqlrMsWtR-ivOwWxEy2_NAWBFChD","fqdn":"accuratephrase.com","domain":"accuratephrase.com","tld":"com"},"ip":{"addr":"188.72.219.35","port":443,"asn":35415,"as":"Webzilla B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:30.895Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"accuratephrase.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 12 Oct 2025 06:43:11 GMT","end":"Sat, 10 Jan 2026 06:43:10 GMT"},"fingerprint":{"sha1":"5C:01:82:3D:3E:91:A2:72:76:A4:E8:DA:42:F8:FD:E6:74:85:B6:CF","sha256":"70:75:DE:E9:C6:17:AD:2B:3D:6E:6A:92:30:CC:7F:07:FE:0A:01:18:13:08:46:C7:F6:A5:EE:0D:04:8E:7E:00"}}},"request":{"raw":"POST /Yt2ux.pvZ-Wx5y0zZAG_FC0DYETF9-yHcImJlKk_PMTNhOkPN-2RFShTMUz_cW0XYYWZU-2bZcjdce1_Ng2hFiijZ-mlYm0nMom_NqlrMsWtR-ivOwWxEy2_NAWBFChD HTTP/1.1\r\nHost: accuratephrase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 82\r\nOrigin: https://www.flowdoodxwn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 19 Nov 2025 01:25:30 GMT\r\ncontent-length: 0\r\nexpires: Mon, 26 Jul 2011 05:00:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\naccept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":51,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":51,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026dsh=S-1826725384:1763515532168110\u0026ifkv=ARESoU0wuM0cciaFMjtEVtPF84RxMlVxvpy2LnjmSCyLhoKAgD9de9RPSniM5SIsBA-XWQmjodkS","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"74.125.205.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:32.195Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:35:52 GMT","end":"Mon, 19 Jan 2026 08:35:51 GMT"},"fingerprint":{"sha1":"95:94:D2:A2:42:3D:9B:2F:BB:65:03:35:EA:85:1D:B6:C0:BB:E5:07","sha256":"53:9A:55:C8:25:B4:4A:38:C0:A9:FD:A8:38:B3:FD:CA:8E:7E:1F:2A:79:A9:52:76:8C:00:7C:7B:96:1E:45:33"}}},"request":{"raw":"GET /InteractiveLogin?continue=https://m.youtube.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026dsh=S-1826725384:1763515532168110\u0026ifkv=ARESoU0wuM0cciaFMjtEVtPF84RxMlVxvpy2LnjmSCyLhoKAgD9de9RPSniM5SIsBA-XWQmjodkS HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: text/html; charset=UTF-8\r\nset-cookie: __Host-GAPS=1:eVnLMTaDynNPFLjmILSxneF51WaXNA:cQQtJM_7jnRmoQq8;Path=/;Expires=Fri, 19-Nov-2027 01:25:32 GMT;Secure;HttpOnly;Priority=HIGH\r\nx-frame-options: DENY\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Wed, 19 Nov 2025 01:25:32 GMT\r\nlocation: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico\u0026dsh=S-1826725384%3A1763515532168110\u0026hl=en\u0026ifkv=ARESoU2GLkdAZXCFsLzUfivNLrmJcAllmnPKeJMePjmaal4964SOMaGSz96JOtp5yx_eh0L0dtsK\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-security-policy: script-src 'nonce-3oGnZeHnnn5PosbuiwPeGg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"coop_gse_qebhlk\"\r\nreport-to: {\"group\":\"coop_gse_qebhlk\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gse_qebhlk\"}]}\r\ncontent-encoding: gzip\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-length: 416\r\nserver: GSE\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenGSE","description":"OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.","website":"https://code.google.com/p/opengse","common_platform_enumeration":"","icon":"Google.svg","categories":["Web servers"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":42,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":42,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico\u0026dsh=S-1826725384%3A1763515532168110\u0026hl=en\u0026ifkv=ARESoU2GLkdAZXCFsLzUfivNLrmJcAllmnPKeJMePjmaal4964SOMaGSz96JOtp5yx_eh0L0dtsK\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"74.125.205.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:32.243Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:35:52 GMT","end":"Mon, 19 Jan 2026 08:35:51 GMT"},"fingerprint":{"sha1":"95:94:D2:A2:42:3D:9B:2F:BB:65:03:35:EA:85:1D:B6:C0:BB:E5:07","sha256":"53:9A:55:C8:25:B4:4A:38:C0:A9:FD:A8:38:B3:FD:CA:8E:7E:1F:2A:79:A9:52:76:8C:00:7C:7B:96:1E:45:33"}}},"request":{"raw":"GET /v3/signin/identifier?continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico\u0026dsh=S-1826725384%3A1763515532168110\u0026hl=en\u0026ifkv=ARESoU2GLkdAZXCFsLzUfivNLrmJcAllmnPKeJMePjmaal4964SOMaGSz96JOtp5yx_eh0L0dtsK\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Wed, 19 Nov 2025 01:25:32 GMT\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-3UtcT5mlihZLK13d-mBNsA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com/tools/feedback/ https://www.gstatic.com/feedback/js/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://support.google.com/inapp/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"AccountsSignInUi\"\r\nreport-to: {\"group\":\"AccountsSignInUi\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi\"}]}\r\ncontent-security-policy-report-only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js https://translate.google.com/translate_a/element.js https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/ https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.nTB-S8XDrAA.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist\r\npermissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*\r\naccept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":70,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":70,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.lixstreamingcaio.com/v2/s/home/resources/KByh0dxu","fqdn":"api.lixstreamingcaio.com","domain":"lixstreamingcaio.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:28.291Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lixstreamingcaio.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 09:33:43 GMT","end":"Wed, 21 Jan 2026 10:32:28 GMT"},"fingerprint":{"sha1":"4B:56:A4:B4:FD:CC:C3:10:87:7C:9D:AF:AA:DD:15:76:A6:A6:24:82","sha256":"47:9F:6B:6B:87:90:3E:BD:D7:80:43:FF:15:2C:13:C1:55:79:08:46:0A:9F:49:69:9F:4A:06:B8:50:C5:B3:3A"}}},"request":{"raw":"OPTIONS /v2/s/home/resources/KByh0dxu HTTP/1.1\r\nHost: api.lixstreamingcaio.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type,x-stream-l1\r\nReferer: https://www.flowdoodxwn.com/\r\nOrigin: https://www.flowdoodxwn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 19 Nov 2025 01:25:29 GMT\r\ncontent-length: 0\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://www.flowdoodxwn.com\r\naccess-control-allow-methods: OPTIONS,GET,POST,PUT,DELETE\r\naccess-control-allow-headers: content-type, x-stream-l1\r\naccess-control-expose-headers: X-Error-Code\r\naccess-control-allow-credentials: true\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=3JPXqEn%2BhgI7kUrRGGNggBYZJ3S9ciS3elTrom%2FZAKaVomPHrD1rXaI7qaQGmpwgqtodCGDmkjygbyHoVcj2Z6SoRjWY7O1hLZ6Q3UuseiMbR2IeM7g%3D\"}]}\r\ncf-ray: 9a0be9f41cbb56b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":886,"timings":{"blocked":47,"dns":15,"connect":5,"send":0,"wait":790,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"x3os.com/5/10111173/?oo=1\u0026js_build=iclick-v1.1622.0\u0026userId=080286706c5347fefffff21b4c806157\u0026dmn=bvtpk.com\u0026tt=2\u0026ix=0","fqdn":"x3os.com","domain":"x3os.com","tld":"com"},"ip":{"addr":"139.45.196.64","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:29.178Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"x3os.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Sep 2025 05:23:11 GMT","end":"Sun, 28 Dec 2025 05:23:10 GMT"},"fingerprint":{"sha1":"4C:6E:3B:CA:38:7D:B2:00:EF:B4:4F:88:9B:3E:29:55:91:FE:AF:0E","sha256":"D2:5C:87:BC:0F:B8:02:33:A0:8D:AD:46:BB:C5:BC:CF:EF:1B:AA:A6:7C:F2:DE:D3:6F:DC:A2:89:AC:97:C0:87"}}},"request":{"raw":"POST /5/10111173/?oo=1\u0026js_build=iclick-v1.1622.0\u0026userId=080286706c5347fefffff21b4c806157\u0026dmn=bvtpk.com\u0026tt=2\u0026ix=0 HTTP/1.1\r\nHost: x3os.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 2643\r\nOrigin: https://www.flowdoodxwn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Wed, 19 Nov 2025 01:25:29 GMT\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: https://www.flowdoodxwn.com\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\ntiming-allow-origin: *\r\npragma: no-cache, no-cache\r\ncache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":229,"timings":{"blocked":100,"dns":15,"connect":26,"send":0,"wait":29,"receive":0,"ssl":56},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"x3os.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"na.nawpush.com/tags/349919?version_name=b\u0026domain=www.flowdoodxwn.com","fqdn":"na.nawpush.com","domain":"nawpush.com","tld":"com"},"ip":{"addr":"45.133.44.25","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:31.123Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"na.nawpush.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Tue, 18 Nov 2025 02:32:21 GMT","end":"Mon, 16 Feb 2026 02:32:20 GMT"},"fingerprint":{"sha1":"2B:B2:C7:E4:0C:35:8B:EA:A3:45:09:54:58:1F:96:D4:28:92:9E:24","sha256":"5D:DA:64:89:43:2F:60:A7:F1:43:BE:04:58:13:73:0E:73:99:6E:4B:50:A4:E4:06:23:B2:73:B0:E0:22:86:AF"}}},"request":{"raw":"GET /tags/349919?version_name=b\u0026domain=www.flowdoodxwn.com HTTP/1.1\r\nHost: na.nawpush.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.flowdoodxwn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 19 Nov 2025 01:25:31 GMT\r\ncontent-type: application/json\r\nserver: nginx/1.24.0\r\ncache-control: max-age=300, public\r\nx-cdn-host-id: DS5058\r\nx-proxy-cache: EXPIRED\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.24.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1377,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"6d1014f77f49c21e7f86341e7f13935c","sha1":"626014efe2eef86759cdeedccb3d73ac386d0020","sha256":"a329341686305b206610b60d870035229f42ef5c6d5159449535b4a8b68df105","sha512":"231ed9fcd65595b4275afdfddafe89026c0cd9a198bec1e12363dd61f55e157f31bbb317a62449913660d74071fbe8302fed15b779a39eda178c847f182e1d09","ssdeep":"","tlshash":"382133ec95759caac0c4478a84d63f4802a4327bb2c87856f5ad497815cf5961d2f24b","first_seen":"2025-11-03T22:50:19.573056Z","last_seen":"2025-12-03T14:57:17.984109Z","times_seen":15,"resource_available":false,"data":null}},"time_used":508,"timings":{"blocked":75,"dns":27,"connect":19,"send":0,"wait":347,"receive":0,"ssl":37},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"na.nawpush.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"my.rtmark.net/gid.js","fqdn":"my.rtmark.net","domain":"rtmark.net","tld":"net"},"ip":{"addr":"172.64.146.234","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:28.540Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"my.rtmark.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 26 Oct 2025 15:37:01 GMT","end":"Sat, 24 Jan 2026 16:36:49 GMT"},"fingerprint":{"sha1":"84:49:FF:DC:BD:D8:BA:3D:2F:25:0B:EF:CA:E4:6D:73:79:8C:F9:7D","sha256":"AF:21:94:4D:14:07:CF:FC:E5:3C:3C:F4:AC:47:9E:83:98:6A:62:87:FB:8C:27:43:25:FB:97:CC:47:15:99:4A"}}},"request":{"raw":"GET /gid.js HTTP/1.1\r\nHost: my.rtmark.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.flowdoodxwn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 19 Nov 2025 01:25:28 GMT\r\ncontent-type: application/json; charset=utf-8\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: https://www.flowdoodxwn.com\r\naccess-control-allow-methods: POST, GET, OPTIONS, PUT, DELETE\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, Authorization,X-CSRF-Token\r\naccess-control-expose-headers: Authorization\r\naccess-control-allow-credentials: true\r\nset-cookie: ID=080286706c5347fefffff21b4c806157; expires=Thu, 19 Nov 2026 01:25:28 GMT; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\ntiming-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\ncf-ray: 9a0be9f59a97a0f0-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":65,"size_decoded":0,"mime_type":"application/json; charset=utf-8","magic":"JSON text data","md5":"ca95afeae843bdd7bbaa92d2387a9264","sha1":"541febd8f61ee6ddd98d925151368d0fbdb4ed0e","sha256":"f986f42f49aa3e78ccf6ceaf682f1cee7e0949a8ca4d52a95860eed1b3026e6c","sha512":"cb72a36ecbc0ee1faf8f9006da83b15b2ddcf9db7eb9df07fdf834550a84ad9e6d24ce38b6b1c8491d59ce58a8f05c2d97207d22e480d6272a2eccc8c968abd4","ssdeep":"","tlshash":"20a02280000800c00200a008080bc38a800082c38800a30a02e0c02022ab28c22a02a0","first_seen":"2025-11-19T01:26:03.493615Z","last_seen":"2025-11-19T01:26:03.493615Z","times_seen":1,"resource_available":false,"data":null}},"time_used":103,"timings":{"blocked":33,"dns":20,"connect":1,"send":0,"wait":37,"receive":0,"ssl":11},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accuratephrase.com/c.D/9Q6Cb/2f5el/SEW/QJ9ZNNj/Yn4tOaDHkl3dN/i/0-2gN/jagC4/OSTncd3I","fqdn":"accuratephrase.com","domain":"accuratephrase.com","tld":"com"},"ip":{"addr":"188.72.219.35","port":443,"asn":35415,"as":"Webzilla B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:30.625Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"accuratephrase.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Sun, 12 Oct 2025 06:43:11 GMT","end":"Sat, 10 Jan 2026 06:43:10 GMT"},"fingerprint":{"sha1":"5C:01:82:3D:3E:91:A2:72:76:A4:E8:DA:42:F8:FD:E6:74:85:B6:CF","sha256":"70:75:DE:E9:C6:17:AD:2B:3D:6E:6A:92:30:CC:7F:07:FE:0A:01:18:13:08:46:C7:F6:A5:EE:0D:04:8E:7E:00"}}},"request":{"raw":"GET /c.D/9Q6Cb/2f5el/SEW/QJ9ZNNj/Yn4tOaDHkl3dN/i/0-2gN/jagC4/OSTncd3I HTTP/1.1\r\nHost: accuratephrase.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 19 Nov 2025 01:25:30 GMT\r\ncontent-type: application/javascript\r\nvary: Accept-Encoding\r\nexpires: Mon, 26 Jul 2011 05:00:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\naccept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET\r\nlast-modified: Wed, 19 Nov 2025 01:25:30 GMT\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Content-Type\r\nset-cookie: uniqCookie=99f4cc4df7a8701f6df3f22a8dfaac97; max-age=1766107530; path=/\r\nx-content-type-options: nosniff\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":38019,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (22784)","md5":"e3ee2a8b6c52ff6bdf3bf6074d33a796","sha1":"a0e200a91cad7efab0de9214174cd9a08e273c9a","sha256":"95d6c6b391dc5fead0e17685af8afc166d6ae7e7959c811ac74554eb718fa826","sha512":"212960c8861b14b50273ff6c4508e3318adb22762a2bdaf15759d05be1d2d2366c2701cb5c37dcda1a6c0d9f7943433c324204d8ce4869c0f866559a730cf236","ssdeep":"768:QZhdZg7J0OMLfTF9dFaQNp8JY29c6SboEBkleZ2YoOcLhlPPTgLgooDMiG82IG/e:QZ1g7JQLqQNp8Jr9c6SboEBkleZ2qcLF","tlshash":"a503a6c8b1c3642642ea507d713b7208b23a54655429f028bc79c8e4fcb9e9f8577bbd","first_seen":"2025-11-19T01:26:03.494883Z","last_seen":"2025-11-19T01:26:03.494883Z","times_seen":1,"resource_available":true,"data":null}},"time_used":272,"timings":{"blocked":107,"dns":22,"connect":22,"send":0,"wait":66,"receive":0,"ssl":44},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.tapioni.com/adgpt.js","fqdn":"cdn.tapioni.com","domain":"tapioni.com","tld":"com"},"ip":{"addr":"104.20.34.46","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:30.670Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.tapioni.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 14:57:20 GMT","end":"Fri, 13 Feb 2026 15:57:18 GMT"},"fingerprint":{"sha1":"80:2D:1E:ED:7E:27:75:C8:26:5C:5A:67:67:AE:0B:64:50:E0:CB:35","sha256":"12:CD:2F:65:36:49:D1:F0:8F:A7:6A:68:FF:9C:96:CC:70:D2:75:FE:A5:51:07:CC:D0:AA:5A:75:18:DC:8D:61"}}},"request":{"raw":"GET /adgpt.js HTTP/1.1\r\nHost: cdn.tapioni.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 19 Nov 2025 01:25:30 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 635\r\nserver: cloudflare\r\nlast-modified: Mon, 10 Nov 2025 10:05:03 GMT\r\nvary: Accept-Encoding\r\netag: \"6911b8cf-27b\"\r\ncontent-encoding: gzip\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\nage: 3152\r\naccept-ranges: bytes\r\ncf-cache-status: HIT\r\ncf-ray: 9a0bea02be15b503-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1285,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text, with very long lines (1285), with no line terminators","md5":"4b545479ce261f8f128bca42b01f2b48","sha1":"24a48b2711e0bdc8b80c1037760a9d6106a812c3","sha256":"8bc734c4ee2f7f3f39b1a1e7b57f483f31b108c553af0fe16bd17c7b2abe8a38","sha512":"0a1b3d7e3f89748fc6fc016db882aa8cc5b55e7576ef84f23f93409796d67900b1926385bfcec76ff2460135a2c511f1429e28c8a143af8eb6873e34afae8905","ssdeep":"","tlshash":"162165da31e0f8d213cb6956113f4009f2aa6c65157fa0d0c358cd75bcf8889a1a2faa","first_seen":"2025-11-10T10:16:11.78532Z","last_seen":"2025-11-25T02:54:33.370695Z","times_seen":160,"resource_available":true,"data":null}},"time_used":9,"timings":{"blocked":4,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"cdn.tapioni.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"x3os.com/5/10111173/?oo=1\u0026js_build=iclick-v1.1622.0\u0026userId=080286706c5347fefffff21b4c806157\u0026dmn=bvtpk.com\u0026tt=2\u0026ix=0","fqdn":"x3os.com","domain":"x3os.com","tld":"com"},"ip":{"addr":"139.45.196.64","port":443,"asn":9002,"as":"RETN Limited","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:31.470Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"x3os.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Sep 2025 05:23:11 GMT","end":"Sun, 28 Dec 2025 05:23:10 GMT"},"fingerprint":{"sha1":"4C:6E:3B:CA:38:7D:B2:00:EF:B4:4F:88:9B:3E:29:55:91:FE:AF:0E","sha256":"D2:5C:87:BC:0F:B8:02:33:A0:8D:AD:46:BB:C5:BC:CF:EF:1B:AA:A6:7C:F2:DE:D3:6F:DC:A2:89:AC:97:C0:87"}}},"request":{"raw":"POST /5/10111173/?oo=1\u0026js_build=iclick-v1.1622.0\u0026userId=080286706c5347fefffff21b4c806157\u0026dmn=bvtpk.com\u0026tt=2\u0026ix=0 HTTP/1.1\r\nHost: x3os.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 2643\r\nOrigin: https://www.flowdoodxwn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx\r\ndate: Wed, 19 Nov 2025 01:25:31 GMT\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\naccess-control-allow-origin: https://www.flowdoodxwn.com\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, Accept-Encoding, baggage, sentry-trace, favicon\r\naccess-control-max-age: 86400\r\ntiming-allow-origin: *\r\npragma: no-cache, no-cache\r\ncache-control: no-transform, no-store, no-cache, must-revalidate, max-age=0, no-store, no-cache, must-revalidate, max-age=0\r\nexpires: Tue, 11 Jan 1994 10:00:00 GMT, Mon, 26 Jul 1997 05:00:00 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":105,"timings":{"blocked":75,"dns":0,"connect":0,"send":1,"wait":29,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"x3os.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/ServiceLogin?passive=true\u0026continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico\u0026uilel=3\u0026hl=en\u0026service=youtube","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"74.125.205.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:32.038Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 27 Oct 2025 08:35:52 GMT","end":"Mon, 19 Jan 2026 08:35:51 GMT"},"fingerprint":{"sha1":"95:94:D2:A2:42:3D:9B:2F:BB:65:03:35:EA:85:1D:B6:C0:BB:E5:07","sha256":"53:9A:55:C8:25:B4:4A:38:C0:A9:FD:A8:38:B3:FD:CA:8E:7E:1F:2A:79:A9:52:76:8C:00:7C:7B:96:1E:45:33"}}},"request":{"raw":"GET /ServiceLogin?passive=true\u0026continue=https%3A%2F%2Fm.youtube.com%2Ffavicon.ico\u0026uilel=3\u0026hl=en\u0026service=youtube HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: application/binary\r\nset-cookie: __Host-GAPS=1:wLsmwoucjSyq5Kcukk0MbcBPZbEx_g:qSJGmo52gop_WeIA; Expires=Fri, 19-Nov-2027 01:25:32 GMT; Path=/; Secure; HttpOnly; Priority=HIGH\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Wed, 19 Nov 2025 01:25:32 GMT\r\nlocation: https://accounts.google.com/InteractiveLogin?continue=https://m.youtube.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026dsh=S-1826725384:1763515532168110\u0026ifkv=ARESoU0wuM0cciaFMjtEVtPF84RxMlVxvpy2LnjmSCyLhoKAgD9de9RPSniM5SIsBA-XWQmjodkS\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-NmT-di-Lh_bdQBsJKLTqsg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist\r\ncross-origin-resource-policy: cross-origin\r\naccept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\npermissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*\r\ncross-origin-opener-policy: unsafe-none\r\nserver: ESF\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":248,"timings":{"blocked":103,"dns":0,"connect":29,"send":0,"wait":40,"receive":0,"ssl":74},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"lz.faenasturbit.com/sSB8ld39qI9j8pgT/130607","fqdn":"lz.faenasturbit.com","domain":"faenasturbit.com","tld":"com"},"ip":{"addr":"188.42.241.221","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:29.765Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lz.faenasturbit.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 30 Oct 2025 21:32:56 GMT","end":"Wed, 28 Jan 2026 21:32:55 GMT"},"fingerprint":{"sha1":"D6:1B:84:26:55:A1:83:01:23:8C:CD:42:C8:38:30:73:F4:D6:EF:57","sha256":"53:E3:FE:81:08:0E:DC:4F:44:48:DE:93:85:98:37:CB:86:0A:DE:F4:21:AF:D8:5D:C9:7D:40:12:D9:C0:72:E7"}}},"request":{"raw":"GET /sSB8ld39qI9j8pgT/130607 HTTP/1.1\r\nHost: lz.faenasturbit.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 19 Nov 2025 01:25:29 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 5\r\nvary: Origin\r\naccess-control-expose-headers: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Accept, Content-Type, Content-Length, GYFR29QT4J80VDR0ZHSJ, X-Forwarded-For, X-Requested-With, Cache-Control, Pragma, Expires, Credentials\r\naccess-control-allow-methods: GET, HEAD, POST, PUT, OPTIONS\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\nset-cookie: GGI10=GxcBAMTXn0vZ5emOqPLiOX4M/Qe07q4HxR/eVtFXVkBBUNRJMk1bINm5mJeviZWrnil/Ef8PtgjdCkZsG7FleI5h+x4ITbWAcTyxaxke3js1gQHCHB0My1UJaScZF+1k+Hd+7dR7gOQ4Zgrsx0Zs+QFdl7kB25YRerFH6GQp62HsXtptGe+XzQgIc6USHHYw+poDp5hk3ZfXG/xSRAl1MdIxAaqAbf8rUV21gz2CrNmU/L4w8BdSS/1JWhPv+v8D; max-age=3600000; path=/; secure; SameSite=None\nGUI42=G1EDAGRzTeWjR7p6Qu3mU4YH9Pm/d8f/s18Bwh2ttYAWSICBJJLv1p7hISgwsLmvbx6l1gny/4B8HjAzIAA9j+CKoejWQE7Q1BwPyagP3EDzrQkKAFxCMsFpubg+UtqnIlX8zN9T+7IO1X2MMktWiYNbyuVNiRJnf7wfUIbm+H7AEgzQyUwzPGiPsMTAVKsDJfFwD4xfforJPYXioCIf2lWxUYhhKoQ7HRcZYY50oYzyqxv9qsGaDbWD1wCyt75hKpW3uB8gHqUhyEoTSk1RxkUr1lwWVmkJtMRDLDKRhK6JKZeSpVJNYZhr9NBIY1zkqp1pIcXRmpOuXZbnZmrK1GQprh3FhAWw37LLQmbTCH66VE33X9bD3yqgSeP7AeXr1OsuO6qcJayqp9VMtT1A/4JTwT1AkJZzjPhTkAfWGyG/j8JzziRG0P/cNw==; max-age=3600000; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"f7a2939527fd9e68723da600e96d76bd","sha1":"a9e717b6364d2895ee0a716050db32ca0ef1bb42","sha256":"d810f5146f4cd1517512a6e31946e764a73c58fb01427aae88d42cc2ae28718a","sha512":"e6956ec633c76eb3ebc408528f950b81373238cd1d5b9fff5ddd97089ea14a1ff5934f23769bac5d93cc4cdb6a1fbc4ce69baebfb940a55d8a7a89caccaf92b5","ssdeep":"","tlshash":"ec300000003000000000000000000000000c0000000000000000000000000c00000000","first_seen":"2023-03-07T01:14:39Z","last_seen":"2026-04-05T10:55:23.316577Z","times_seen":13669,"resource_available":true,"data":null}},"time_used":225,"timings":{"blocked":103,"dns":60,"connect":17,"send":0,"wait":19,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.lixstreamingcaio.com/v1/user/gray/rules/check","fqdn":"api.lixstreamingcaio.com","domain":"lixstreamingcaio.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:30.236Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lixstreamingcaio.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 09:33:43 GMT","end":"Wed, 21 Jan 2026 10:32:28 GMT"},"fingerprint":{"sha1":"4B:56:A4:B4:FD:CC:C3:10:87:7C:9D:AF:AA:DD:15:76:A6:A6:24:82","sha256":"47:9F:6B:6B:87:90:3E:BD:D7:80:43:FF:15:2C:13:C1:55:79:08:46:0A:9F:49:69:9F:4A:06:B8:50:C5:B3:3A"}}},"request":{"raw":"POST /v1/user/gray/rules/check HTTP/1.1\r\nHost: api.lixstreamingcaio.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json, text/plain, */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/json\r\nContent-Length: 259\r\nOrigin: https://www.flowdoodxwn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 19 Nov 2025 01:25:30 GMT\r\ncontent-type: application/json\r\npriority: u=3,i=?0\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://www.flowdoodxwn.com\r\naccess-control-expose-headers: X-Error-Code\r\naccess-control-allow-credentials: true\r\nx-xbox-platform: streaming\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ElfKdx1jEaEkJrkNZymhKSZlmDlbfVV%2F24%2BowDvfaHtSGp%2Bl2Dw0Pd2I3MpGo9bYWjd7%2BvVvOk4B%2FuxXgyqoxHy1vUN1iAnNzdXb83KOHpEqO2VY3Dom%2Fg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9a0be9fff98232fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":281,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"a3ccdf4f5cc8da7a6c2caa521331e46a","sha1":"dfe98614ee3b455bca14db2eef682f1338580a8a","sha256":"017e430f25345405c1b0bfeb89dce3a8f2be65237a718e8ad7563b2e977d9b5f","sha512":"afacf3e0a96434042d8417442f5a16ed1642ffb0e964552926b6ef374bfd2cd4e2a270fd66ee6fa906a67a47e750c72731cbcae88c0189c0a51c7a0f3bbe1b24","ssdeep":"","tlshash":"34d05e7d297154ad14985152d651e9c9f78058aabf58b750c423c11f34eb0c8723d2b7","first_seen":"2025-10-16T16:52:07.242118Z","last_seen":"2025-11-20T22:31:42.767036Z","times_seen":72,"resource_available":false,"data":null}},"time_used":212,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":212,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"api.lixstreamingcaio.com/v2/s/home/resources/KByh0dxu","fqdn":"api.lixstreamingcaio.com","domain":"lixstreamingcaio.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:29.157Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lixstreamingcaio.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 09:33:43 GMT","end":"Wed, 21 Jan 2026 10:32:28 GMT"},"fingerprint":{"sha1":"4B:56:A4:B4:FD:CC:C3:10:87:7C:9D:AF:AA:DD:15:76:A6:A6:24:82","sha256":"47:9F:6B:6B:87:90:3E:BD:D7:80:43:FF:15:2C:13:C1:55:79:08:46:0A:9F:49:69:9F:4A:06:B8:50:C5:B3:3A"}}},"request":{"raw":"POST /v2/s/home/resources/KByh0dxu HTTP/1.1\r\nHost: api.lixstreamingcaio.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.flowdoodxwn.com/\r\nContent-Type: application/json\r\nX-Stream-L1: cdnvideq.org\r\nOrigin: https://www.flowdoodxwn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 19 Nov 2025 01:25:29 GMT\r\ncontent-type: application/json\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://www.flowdoodxwn.com\r\naccess-control-expose-headers: X-Error-Code\r\naccess-control-allow-credentials: true\r\nx-xbox-platform: streaming\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=SbBCSPMz6WWKy8dVLvcMi1X9xV%2FIbP7dcAxu7XCa37ClCT31tgZXcjRUX%2B%2BeCou382eYDNF9pZDZab9FNYaOexxRnLS5%2Bn1sowmuuelQw9Fp25zj0zs%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9a0be9f91db256b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":578,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"ce98c8e332c5ed7f77e656f748a88725","sha1":"69889ec5b51253fcd0302c74a7fc94ccf0190d25","sha256":"65efa255c53438e2ac7dc4df6fe8972d3abb9905273510e4ed98a6d8af133201","sha512":"5f31ad9332d35c2fb7153443a5162388e92b70a7a9ebf36f875da44bbd2dbad7f9039780652d8f4436718b45351bfc86b7539dced1dcc82863efd66ba128ffed","ssdeep":"","tlshash":"e0f0e1d25409c71557e1138ac84a6b3c911ad416cefa6c8ec4d75fc8c15c8e229ce3a1","first_seen":"2025-11-19T01:26:03.498816Z","last_seen":"2025-11-19T01:26:03.498816Z","times_seen":1,"resource_available":false,"data":null}},"time_used":216,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":216,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sm.videqqwuieyui.com/thumbnails/xbox-streaming/1922505240733818882/22fccd6c-f4f5-493e-926c-7716ae14bf1b/screenshot/3x3.jpg","fqdn":"sm.videqqwuieyui.com","domain":"videqqwuieyui.com","tld":"com"},"ip":{"addr":"34.126.238.65","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:30.582Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sm.videqqwuieyui.com","organization":""},"issuer":{"commonName":"WR3","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 05:36:57 GMT","end":"Wed, 03 Dec 2025 06:32:52 GMT"},"fingerprint":{"sha1":"FC:A6:40:BF:F6:86:15:F2:39:8C:A4:74:3B:0F:FD:A3:2E:F6:D6:50","sha256":"0E:E3:78:75:04:97:54:84:45:2A:C2:92:6A:4A:20:1D:0E:71:4F:F6:38:1F:A3:67:A5:27:D1:46:3E:B8:E7:86"}}},"request":{"raw":"GET /thumbnails/xbox-streaming/1922505240733818882/22fccd6c-f4f5-493e-926c-7716ae14bf1b/screenshot/3x3.jpg HTTP/1.1\r\nHost: sm.videqqwuieyui.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 77272\r\nserver: Google-Edge-Cache\r\nx-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc\r\ncloudservicediscount: CDN\r\nx-amz-request-id: 0000019A976C9C94B2DD35A51E6BCCE2\r\nx-amz-id-2: 36AAAQAAEAABAAAQAAEAABAAAQAAEAABAAAaI=AAAAAAAAAAAAAAAAAAAAAAAAAA\r\nx-ccdn-origin-time: 404\r\nvia: EU-NLD-amsterdam-EDGE3-CACHE1[418],EU-NLD-amsterdam-EDGE3-CACHE1[414,TCP_MISS,415],EU-GER-frankfurt-GLOBAL1-CACHE10[407],EU-GER-frankfurt-GLOBAL1-CACHE3[404,TCP_MISS,406]\r\nx-hcs-proxy-type: 0\r\nx-ccdn-cachettl: 2592000\r\nx-ccdn-req-id-46b1: 74e2b3bc719f66251ab52aaa5fcb8b50\r\naccept-ranges: bytes\r\naccess-control-expose-headers: *\r\naccess-control-allow-origin: *\r\ncontent-disposition: inline\r\nx-request-id: 382d0088-86d7-4c0c-89bf-74d434313dfe\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\ndate: Tue, 18 Nov 2025 14:44:29 GMT\r\nage: 38461\r\nlast-modified: Thu, 26 Jun 2025 06:15:27 GMT\r\netag: \"eb1f31c5daeb5ba2ba7880af9515bd8a\"\r\ncontent-type: image/jpeg\r\ncache-control: public,max-age=86000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":77272,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, baseline, precision 8, 1008x1920, components 3","md5":"eb1f31c5daeb5ba2ba7880af9515bd8a","sha1":"41ab2a90e68f488bb342fe93c37216e2b2c313ef","sha256":"bd545500ddec3989a87e5797a2d8046f060a52008be017b794b94e7eb3240988","sha512":"7667713390e3cd40a86e54d93d323f9b644e98e82991c82a90f3ef1d637df1a52fba693bf7e72476d6d5704b5fffd24c95b952e63834a131bb82088205721521","ssdeep":"1536:VA3pq+Ox8rCx1dC3F2vRhEO3BfqI0lnJ5CgVAn+k2J0yQhrWhJpdnQD1yec25S3P:VA3pSxgCrIV2pLiHJ5zVe+x0ywuJpdnz","tlshash":"307302f79710009161931b90b874ac83b1707b7a8c919efb6813475f68b6beeee4de41","first_seen":"2025-11-19T01:26:03.500026Z","last_seen":"2025-11-19T01:26:03.500026Z","times_seen":1,"resource_available":false,"data":null}},"time_used":361,"timings":{"blocked":145,"dns":34,"connect":21,"send":0,"wait":27,"receive":44,"ssl":85},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"js.wpadmngr.com/static/adManager.js","fqdn":"js.wpadmngr.com","domain":"wpadmngr.com","tld":"com"},"ip":{"addr":"45.133.44.52","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:30.605Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"js.wpadmngr.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 01 Nov 2025 03:32:41 GMT","end":"Fri, 30 Jan 2026 03:32:40 GMT"},"fingerprint":{"sha1":"E3:9D:D3:89:FB:90:7B:AA:8C:19:20:0E:65:8F:8A:B8:25:1C:19:1C","sha256":"DA:2F:33:FE:DB:D4:DD:3C:4D:80:E7:DE:2D:70:4B:D7:61:B4:0C:64:DA:A2:78:BB:8F:0B:66:29:AA:A3:2F:37"}}},"request":{"raw":"GET /static/adManager.js HTTP/1.1\r\nHost: js.wpadmngr.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 19 Nov 2025 01:25:30 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: nginx/1.18.0\r\nlast-modified: Thu, 06 Nov 2025 14:16:07 GMT\r\netag: W/\"690cada7-23bd9\"\r\ncontent-encoding: gzip\r\nexpires: Wed, 19 Nov 2025 01:30:30 GMT\r\ncache-control: max-age=300\r\nx-cdn-host-id: AH1747\r\nx-proxy-cache: HIT\r\naccess-control-allow-origin: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":146393,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"b2f0972afc8bc1fe3b080eb543a86b47","sha1":"ab71ef7d872e2a44f4aef851853fdf259f2fd746","sha256":"8c001a2bddac6af4af1e5aedba188d8fd9fd355208562fea36994d1418aadc68","sha512":"449884607fa6eb4ce120b484a0f3da066fa83bdc5f3bc14eb656d96606b9b47733d67876887b9218582b71d6b7445d8e55eab7adec3fc2463f2d6cce97eb22bf","ssdeep":"1536:ZaN12toXV0jtQyFem169zKKpKf7xbAQ9c+ts4aAUOPEH9ZoxlB5RnWM8k8MdnCjH:5Pemo9GqK9coDts0KnoxlTA7+da","tlshash":"78e34acdb2d2b07407e75059d83f1207b73a1a16b80c9058f6a6e9c17878dda9237f7a","first_seen":"2025-11-06T14:45:06.101541Z","last_seen":"2025-11-27T11:34:20.174539Z","times_seen":466,"resource_available":true,"data":null}},"time_used":275,"timings":{"blocked":127,"dns":51,"connect":23,"send":0,"wait":21,"receive":0,"ssl":36},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"js.wpadmngr.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"a.labadena.com/api/users/494333?host=www.flowdoodxwn.com\u0026ev=224\u0026wh=1024\u0026ww=1280\u0026uuid=\u0026url=https%3A%2F%2Fwww.flowdoodxwn.com%2Fe%2FKByh0dxu%3Flv1%3Dcdnvideq.org\u0026sid=0cdb534f-5a5a-4683-ba27-078c4686b2ad\u0026i=1\u0026s1=1983049288540758018\u0026fs1=1\u0026url=https%3A%2F%2Fwww.flowdoodxwn.com%2Fe%2FKByh0dxu%3Flv1%3Dcdnvideq.org","fqdn":"a.labadena.com","domain":"labadena.com","tld":"com"},"ip":{"addr":"37.27.230.125","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Finland","country_code":"FI"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:30.709Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a.labadena.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 06 Nov 2025 23:28:43 GMT","end":"Wed, 04 Feb 2026 23:28:42 GMT"},"fingerprint":{"sha1":"66:4E:04:65:51:00:00:6F:45:5C:CD:BC:6C:DD:60:70:78:C4:D0:F8","sha256":"57:1A:C5:4F:7F:E6:61:6B:64:F0:82:6B:5F:1D:34:EC:2B:4C:B2:39:E0:5B:C9:DE:A4:CA:BD:76:ED:3E:9A:61"}}},"request":{"raw":"GET /api/users/494333?host=www.flowdoodxwn.com\u0026ev=224\u0026wh=1024\u0026ww=1280\u0026uuid=\u0026url=https%3A%2F%2Fwww.flowdoodxwn.com%2Fe%2FKByh0dxu%3Flv1%3Dcdnvideq.org\u0026sid=0cdb534f-5a5a-4683-ba27-078c4686b2ad\u0026i=1\u0026s1=1983049288540758018\u0026fs1=1\u0026url=https%3A%2F%2Fwww.flowdoodxwn.com%2Fe%2FKByh0dxu%3Flv1%3Dcdnvideq.org HTTP/1.1\r\nHost: a.labadena.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nCookie: nauid=phqLjIR5yKplhhP7z9KV\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 19 Nov 2025 01:25:30 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\nvary: Accept-Encoding\r\nx-robots-tag: noindex, nofollow\r\ncache-control: private\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":672,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text, with very long lines (362)","md5":"bf8efbedb8e9e98e2d4cb84a8c533e51","sha1":"78f4bb2f7959f22a6bff51917d146b00ec5bfe27","sha256":"7c761bee5644dae36aba4c146b7d4a2eeaf4d669ccb6a9406f709d9ff6a4a667","sha512":"2a7b3a7c3a7c8aec11a1f47e0a5c459811afbe8b6bfabbd2714623daf467c390344abd544921dab1de46758c1056f850ff1babd5e12decc9eeaa03970a0225f0","ssdeep":"","tlshash":"56012d81938c65fb874890a3cc3d8fb64d8e48386b09a046fe74831a54ca08203a018b","first_seen":"2025-11-19T01:26:03.502165Z","last_seen":"2025-11-19T01:26:03.502165Z","times_seen":1,"resource_available":true,"data":null}},"time_used":290,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":289,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"a.labadena.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"f24d034841.4319a692b9.com/in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI5NjY0NDE4MjU3MDkxMDQwMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjIuMzguOCIsInRhZ19pZCI6MzQ5OTE5LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjAuNjgsImlzX3YyIjowLCJpc192Ml9lbXB0eSI6MH0=","fqdn":"f24d034841.4319a692b9.com","domain":"4319a692b9.com","tld":"com"},"ip":{"addr":"45.133.44.52","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:31.689Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"f24d034841.4319a692b9.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 16 Nov 2025 02:48:08 GMT","end":"Sat, 14 Feb 2026 02:48:07 GMT"},"fingerprint":{"sha1":"A2:F8:60:AB:D3:8A:D5:7F:AF:EE:F5:04:C5:86:51:A4:43:DE:B5:EB","sha256":"34:F1:75:75:B0:64:CB:C9:A8:E3:BA:8F:7A:7D:C6:DA:A0:15:6D:C5:B4:95:8A:CF:F7:BF:58:D7:88:74:59:A8"}}},"request":{"raw":"GET /in/track?data=eyJ3bCI6MSwic3ViaWQiOjAsInVzZXJfaWQiOiI5NjY0NDE4MjU3MDkxMDQwMDAwIiwidGltZXpvbmUiOjAsInZlciI6IjIuMzguOCIsInRhZ19pZCI6MzQ5OTE5LCJzY3JlZW5fcmVzb2x1dGlvbiI6IjEyODB4MTAyNCIsImFkYmxvY2siOjAsInRpbWV6b25lX29sc29uIjoiVVRDIiwidXRtX3NvdXJjZSI6IiIsInV0bV9tZWRpdW0iOiIiLCJ1dG1fY2FtcGFpZ24iOiIiLCJ1dG1fY29udGVudCI6IiIsIm1tIjowLCJpbml0X3N0YXJ0X2xhdGVuY3kiOjAuNjgsImlzX3YyIjowLCJpc192Ml9lbXB0eSI6MH0= HTTP/1.1\r\nHost: f24d034841.4319a692b9.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.flowdoodxwn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 19 Nov 2025 01:25:31 GMT\r\ncontent-length: 0\r\nserver: nginx/1.18.0\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nx-cdn-host-id: AH1747\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/xml","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":440,"timings":{"blocked":204,"dns":157,"connect":21,"send":0,"wait":31,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-11-19","alert":"Sinkholed","trigger":"f24d034841.4319a692b9.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"enrtx.com/get/","fqdn":"enrtx.com","domain":"enrtx.com","tld":"com"},"ip":{"addr":"94.130.197.239","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:32.408Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"popunder-base.infrapu.sh","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 05 Nov 2025 02:48:33 GMT","end":"Tue, 03 Feb 2026 02:48:32 GMT"},"fingerprint":{"sha1":"DF:80:3A:A1:4E:A7:47:86:A1:5F:68:2B:5B:AF:F5:A8:BC:15:A6:70","sha256":"4D:BD:57:8F:2B:73:C5:49:EE:D9:2E:BE:D6:03:16:1E:BD:42:5D:7E:AA:12:FA:BF:8D:DF:AA:CB:5D:D0:5F:CD"}}},"request":{"raw":"POST /get/ HTTP/1.1\r\nHost: enrtx.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.flowdoodxwn.com/\r\nContent-Type: text/plain;charset=UTF-8\r\nContent-Length: 1743\r\nOrigin: https://www.flowdoodxwn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx/1.16.0\r\ndate: Wed, 19 Nov 2025 01:25:32 GMT\r\ncontent-type: application/json\r\ncontent-length: 3140\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.16.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":9462,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"228782b66b4380e6f2e1eb00d3bd2ab2","sha1":"94fbf499e9a8aa0de75451e7fbcec3c1e9790c74","sha256":"9f6924ba8b1f98efa104ee066e4f3d32e8c0449af8c3bc19b102513eb07811bc","sha512":"2edd885e23f817a8218d3b0e2b9f2e3fe9ccae95904b2ab0ccbf095bc5258fdf745e200ea6b9d6ce7d6e5086833ebbea5f8156764542bca386e02dcdb7c53f51","ssdeep":"96:z0A2itIrwzFByrRZTIyhvzlbaX7YgSRI/Sldy+1rIyhvzlbaX7YgSFIaA2itIrwZ:KB8LyTsmpbM6lshmpbgwB8LyTqlsw","tlshash":"1d1208437297e8116c9ed8c2f2a7a324cb5bd0b25e8748cfd9ba4764858d36200c9f5d","first_seen":"2025-11-19T01:26:03.504199Z","last_seen":"2025-11-19T01:26:03.504199Z","times_seen":1,"resource_available":false,"data":null}},"time_used":424,"timings":{"blocked":94,"dns":14,"connect":25,"send":0,"wait":234,"receive":1,"ssl":54},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.flowdoodxwn.com/favicon.ico","fqdn":"www.flowdoodxwn.com","domain":"flowdoodxwn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:28.270Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flowdoodxwn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 26 Sep 2025 05:54:15 GMT","end":"Thu, 25 Dec 2025 06:52:42 GMT"},"fingerprint":{"sha1":"DA:FF:54:36:61:AE:68:21:E0:25:1B:19:C3:0E:A4:0A:E2:B0:A4:3B","sha256":"B5:3A:E4:11:C7:48:60:33:52:05:5C:23:C5:02:28:F2:E4:8A:EC:59:A2:EA:F5:A2:AD:F0:C3:3B:89:22:DE:37"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.flowdoodxwn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 19 Nov 2025 01:25:28 GMT\r\ncontent-type: text/html\r\npriority: u=6,i=?0\r\nserver: cloudflare\r\nx-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc\r\ncloudservicediscount: CDN\r\nx-amz-request-id: 0000019A9683092DB01E46363483457D\r\nlast-modified: Tue, 18 Nov 2025 10:27:12 GMT\r\nx-amz-id-2: 36AAAQAAEAABAAAQAAEAABAAAQAAEAABAAAaI=AAAAAAAAAAAAAAAAAAAAAAAAAA\r\nvia: EU-ESP-madrid-AREA1-CACHE6[2],EU-ESP-madrid-AREA1-CACHE5[0,TCP_HIT,1],EU-IRL-dublin-GLOBAL1-CACHE3[5],EU-IRL-dublin-GLOBAL1-CACHE20[0,TCP_HIT,1]\r\nx-hcs-proxy-type: 1\r\nx-ccdn-cachettl: 2592000\r\nx-ccdn-req-id-46b1: 58fe0533402b024e41b2cda840cd5a04\r\nnginx-hit: 1\r\nage: 53761\r\nx-ccdn-expires: 2538239\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-expose-headers: *\r\naccess-control-allow-origin: *\r\ncontent-disposition: inline\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dHKJ%2BmwRNpANdEXnXMN0C37lBPlTaQd4BOWdGio1Paql0Y8PlaWJJh1715kX0LMnlsxUzjeDSltYkfISACIGXbf2aHUflVfx0oTAHb1WelLH\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9a0be9f3ac00568f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Google Analytics","description":"Google Analytics is a free web analytics service that tracks and reports website traffic.","website":"https://google.com/analytics","common_platform_enumeration":"","icon":"Google Analytics.svg","categories":["Analytics"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":2018,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"c34918feb6a7c8e0ebda3a6796dfd70b","sha1":"605278142c39331c87ee38c5237f2ebc904333c3","sha256":"39bc8f5e341ab02c925a62428c2cab425b9e10f122733cf96d01f9af4612b4a9","sha512":"968623af6c0ee6f219dea2e6ddcefb56edc221bac45b4fcca6869e81e574d268d4761227f10d4adfe2ccb97ef90d4eeb81e8b8bc1c6d0c353c9ff525b39b291a","ssdeep":"","tlshash":"6641319b2de3884924205e556fd2f228ae56b2035b19ed4475ee727ccf85b83cdc38a4","first_seen":"2025-11-19T01:26:03.456971Z","last_seen":"2025-11-19T01:26:03.456971Z","times_seen":1,"resource_available":false,"data":null}},"time_used":66,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":66,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.flowdoodxwn.com/assets/icon-L3kzdSYP-1763461621343.png","fqdn":"www.flowdoodxwn.com","domain":"flowdoodxwn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:30.486Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flowdoodxwn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 26 Sep 2025 05:54:15 GMT","end":"Thu, 25 Dec 2025 06:52:42 GMT"},"fingerprint":{"sha1":"DA:FF:54:36:61:AE:68:21:E0:25:1B:19:C3:0E:A4:0A:E2:B0:A4:3B","sha256":"B5:3A:E4:11:C7:48:60:33:52:05:5C:23:C5:02:28:F2:E4:8A:EC:59:A2:EA:F5:A2:AD:F0:C3:3B:89:22:DE:37"}}},"request":{"raw":"GET /assets/icon-L3kzdSYP-1763461621343.png HTTP/1.1\r\nHost: www.flowdoodxwn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org\r\nCookie: _ga_FZ6E2FXG92=GS2.1.s1763515528$o1$g0$t1763515528$j60$l0$h0; _ga=GA1.1.1998586772.1763515529\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 19 Nov 2025 01:25:30 GMT\r\ncontent-type: image/png\r\ncontent-length: 12350\r\npriority: u=4,i=?0\r\nserver: cloudflare\r\nx-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc\r\ncloudservicediscount: CDN\r\nx-amz-request-id: 0000019A9681F4B3B0D69CAB84C5185B\r\netag: \"37e3e456df677e380ab34f5e0043db7d\"\r\nlast-modified: Tue, 18 Nov 2025 10:27:11 GMT\r\nx-amz-id-2: 36AAAQAAEAABAAAQAAEAABAAAQAAEAABAAAaI=AAAAAAAAAAAAAAAAAAAAAAAAAA\r\nvia: EU-FRA-marseille-EDGE3-CACHE19[3],EU-FRA-marseille-EDGE3-CACHE14[0,TCP_HIT,2],EU-IRL-dublin-GLOBAL1-CACHE8[386],EU-IRL-dublin-GLOBAL1-CACHE1[378,TCP_MISS,379]\r\nx-hcs-proxy-type: 1\r\nx-ccdn-cachettl: 2592000\r\nx-ccdn-req-id-46b1: 0c65d3925951ea795804cd5b1ab70afb\r\nnginx-hit: 1\r\nage: 3864\r\nx-ccdn-expires: 2591805\r\naccept-ranges: bytes\r\naccess-control-expose-headers: *\r\naccess-control-allow-origin: *\r\ncontent-disposition: inline\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ClatUiHe7G2zrHpxtwBE%2Bu9kADD4cF3cviOy0Zsyk6%2Byes2Yspwjlo1FImkmtdprNw307tQI2m3S3JyzHu1kttnWhzEnLvco%2B458hRYIPkPd\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9a0bea018fd4568f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":12350,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 500 x 500, 8-bit/color RGB, non-interlaced","md5":"37e3e456df677e380ab34f5e0043db7d","sha1":"64ad1b4cca68328e5d987582f76ae59ea79a2d63","sha256":"0d8d6d6357c54934d059569ec6bd54e03b1f0ebad04ace58f8af20a88c2ea8a1","sha512":"7850cd6a4b9fe0cf8b0f1c07851fa283d4929e8d03e2c860470d89b621fbc3147a83812facd7f6b51b2fcc1bafb3cafabae9694077b9497bf7570c83983a273e","ssdeep":"192:whxxxL8uzJHxhnGn6dm0rrkV5Hm1qjDbPU6tbNi/esZtkcJ7Pzx0Xqh8:whxxxlRxhI6Zy5G1uDA+bNetvhVc08","tlshash":"dc429df7d9287f5827e17b23bad19a22f0ed40ae92056004f5da45b757393c8c046e93","first_seen":"2025-06-18T09:39:56.944198Z","last_seen":"2026-02-27T13:27:16.34167Z","times_seen":398,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":8,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.frankeye.pro/ecc874/fca3e5ee8e1d.js","fqdn":"www.frankeye.pro","domain":"frankeye.pro","tld":"pro"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:30.880Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.frankeye.pro","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 07:03:13 GMT","end":"Sun, 15 Feb 2026 07:03:12 GMT"},"fingerprint":{"sha1":"63:41:D5:49:FE:2A:E8:88:F1:92:F2:67:99:F6:DD:05:30:A7:28:CC","sha256":"FC:5F:86:B0:43:8B:A9:2B:50:7C:7B:B5:40:8C:5E:2A:A3:51:C0:FE:2D:AD:39:1A:79:3F:78:11:B6:5B:5D:DA"}}},"request":{"raw":"GET /ecc874/fca3e5ee8e1d.js HTTP/1.1\r\nHost: www.frankeye.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-type: text/plain\r\nOrigin: https://www.flowdoodxwn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 19 Nov 2025 01:25:30 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: nginx\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET\r\naccess-control-allow-headers: Content-Type\r\ncache-control: max-age=172800\r\ncontent-encoding: gzip\r\nexpires: Fri, 21 Nov 2025 01:25:30 GMT\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":103673,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65533), with no line terminators","md5":"7c358a38fe209a10e2f8719400e7c60f","sha1":"d314ea7023d3597fa1990e360078fe70b0f7b25f","sha256":"49527ca559c345c49a1ea6b3624fa052d9fd76d73538a0414333ad4584906c6c","sha512":"b0d954ef2a287e72188c940f278b882461abbe7b8858788091576145747adacb81766bb8e3767154867d0076ee0dbeef73bd4b3c9c81a41fab7e347bb772ed1c","ssdeep":"1536:rM+iZ3YOYuyx6PUQwRxcs8P3nhkQ8vL7T7Q6eGozzwVEnHzHRbPvc:OijxEQq3P5Enne9zkWHLq","tlshash":"ffa33461350b64fd2ad0c1e7eb6720886c295810e469cca1ecd1e7c7d6eb8e3429b5f7","first_seen":"2025-11-17T08:56:37.631757Z","last_seen":"2025-11-19T07:52:14.537628Z","times_seen":27,"resource_available":true,"data":null}},"time_used":198,"timings":{"blocked":81,"dns":26,"connect":19,"send":0,"wait":35,"receive":0,"ssl":32},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"29391925-36946-ex.coreadness.com/iCVCCIEzNA7kZtczvVjDLi9Mktk7qIvcL_RePM2ZHZMSMpqRotxX9M6OV9ZibZHeztkLK6Qiha69FenlHea5aULCk6eXuLnWeAARGO8ke3phtcxwxrWpRx9dzbMwmoby5ts815AkPvLgqhP1LjCNPIUDVroBbNYT?kws=\u0026pageUri=https%3A%2F%2Fwww.flowdoodxwn.com%2Fe%2FKByh0dxu%3Flv1%3Dcdnvideq.org\u0026referer=\u0026bdd=%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0%22%2C%22false%22%2C%22Win32%22%2C%22llvmpipe%22%2C%22Mozilla%22%2C%22llvmpipe%22%2C%22Mesa%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%22false%22%2C%221%22%2C%2248%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Wed%20Nov%2019%202025%2001%3A25%3A30%20GMT%2B0000%20(GMT)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22true%22%2C%22781877177%22%2C%222697903995%22%2C%222%22%2C%22false%22%2C%22%5B%5D%22%5D\u0026btdb=0\u0026prsl=1","fqdn":"29391925-36946-ex.coreadness.com","domain":"coreadness.com","tld":"com"},"ip":{"addr":"88.208.22.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:33.854Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.coreadness.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Wed, 12 Nov 2025 21:05:03 GMT","end":"Tue, 10 Feb 2026 21:05:02 GMT"},"fingerprint":{"sha1":"89:82:4E:14:29:AC:D8:0D:F9:2B:EC:E9:59:46:92:A7:CD:F5:8E:56","sha256":"77:91:79:3C:A1:EC:26:08:21:E9:DF:B3:01:E7:50:89:31:B0:3A:2A:BE:8A:15:28:99:F3:59:CE:2D:3E:C0:FE"}}},"request":{"raw":"GET /iCVCCIEzNA7kZtczvVjDLi9Mktk7qIvcL_RePM2ZHZMSMpqRotxX9M6OV9ZibZHeztkLK6Qiha69FenlHea5aULCk6eXuLnWeAARGO8ke3phtcxwxrWpRx9dzbMwmoby5ts815AkPvLgqhP1LjCNPIUDVroBbNYT?kws=\u0026pageUri=https%3A%2F%2Fwww.flowdoodxwn.com%2Fe%2FKByh0dxu%3Flv1%3Dcdnvideq.org\u0026referer=\u0026bdd=%5B%22Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0%22%2C%22false%22%2C%22Win32%22%2C%22llvmpipe%22%2C%22Mozilla%22%2C%22llvmpipe%22%2C%22Mesa%22%2C%22false%22%2C%22true%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%221280%22%2C%221024%22%2C%22false%22%2C%221%22%2C%2248%22%2C%220%22%2C%22aaaaacccefiflmmprrsstlllecstaaahtscellllpss%22%2C%22Wed%20Nov%2019%202025%2001%3A25%3A30%20GMT%2B0000%20(GMT)%22%2C%220%22%2C%22en-US%22%2C%22en-US%2Cen%22%2C%22false%22%2C%22true%22%2C%22781877177%22%2C%222697903995%22%2C%222%22%2C%22false%22%2C%22%5B%5D%22%5D\u0026btdb=0\u0026prsl=1 HTTP/1.1\r\nHost: 29391925-36946-ex.coreadness.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://www.flowdoodxwn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 19 Nov 2025 01:25:34 GMT\r\ncontent-type: text/plain; charset=UTF-8\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: https://www.flowdoodxwn.com\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 86400\r\nreferrer-policy: unsafe-url\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory\r\naccept-ch-lifetime: 31536000\r\np3p: CP=\"NOI DEVa TAIa OUR BUS UNI STA\"\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\npragma: no-cache\r\nlast-modified: Wed, 19 Nov 2025 01:25:34 UTC\r\nexpires: Wed, 19 Nov 2025 01:25:34 UTC\r\nset-cookie: _ccid=9775797465126141501; expires=Sun, 19 Nov 2028 01:25:33 GMT; domain=coreadness.com; path=/; HttpOnly; secure; SameSite=None\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":1556,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"ASCII text, with very long lines (1556), with no line terminators","md5":"0be6f1e3b3e65500e99cbff3f49faef4","sha1":"1d7cfacd2accf4e5d2e7252a1bddcdd105524eaa","sha256":"678160b82cff373e2e2de9c4039ff799fe97566ae0ad74fc34debce2e681b328","sha512":"32c00d778b805c28c2d7c062faae704e4eab74e284b9a52edb7920025c0874803d994fc6df30e7542c87bd8df9ec32c549d9467d00a64a074dfab78c2c5df7ef","ssdeep":"","tlshash":"3a31076933a4d0abfae32552950cfbedc012be4d29c4f784acc0c684b193d11691bc24","first_seen":"2025-11-19T01:26:03.508574Z","last_seen":"2025-11-19T01:26:03.508574Z","times_seen":1,"resource_available":false,"data":null}},"time_used":253,"timings":{"blocked":78,"dns":23,"connect":17,"send":0,"wait":96,"receive":0,"ssl":36},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.labadena.com/api/users/494331?v2=1\u0026fill=0\u0026s1=1983049288540758018\u0026fs1=1\u0026i=1\u0026url=https%3A%2F%2Fwww.flowdoodxwn.com%2Fe%2FKByh0dxu%3Flv1%3Dcdnvideq.org\u0026sid=0cdb534f-5a5a-4683-ba27-078c4686b2ad","fqdn":"a.labadena.com","domain":"labadena.com","tld":"com"},"ip":{"addr":"37.27.230.125","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Finland","country_code":"FI"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:29.569Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a.labadena.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 06 Nov 2025 23:28:43 GMT","end":"Wed, 04 Feb 2026 23:28:42 GMT"},"fingerprint":{"sha1":"66:4E:04:65:51:00:00:6F:45:5C:CD:BC:6C:DD:60:70:78:C4:D0:F8","sha256":"57:1A:C5:4F:7F:E6:61:6B:64:F0:82:6B:5F:1D:34:EC:2B:4C:B2:39:E0:5B:C9:DE:A4:CA:BD:76:ED:3E:9A:61"}}},"request":{"raw":"GET /api/users/494331?v2=1\u0026fill=0\u0026s1=1983049288540758018\u0026fs1=1\u0026i=1\u0026url=https%3A%2F%2Fwww.flowdoodxwn.com%2Fe%2FKByh0dxu%3Flv1%3Dcdnvideq.org\u0026sid=0cdb534f-5a5a-4683-ba27-078c4686b2ad HTTP/1.1\r\nHost: a.labadena.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.flowdoodxwn.com/\r\nOrigin: https://www.flowdoodxwn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 19 Nov 2025 01:25:29 GMT\r\ncontent-type: text/xml\r\nvary: Accept-Encoding\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://www.flowdoodxwn.com\r\naccess-control-expose-headers: X-Asg-Config, X-t\r\nset-cookie: nauid=Y3QEIvAbn00fJU3Of5TU; Path=/; Expires=Wed, 11 Nov 2037 11:11:11 GMT; Secure; SameSite=None\r\nx-robots-tag: noindex, nofollow\r\nx-t: 0\r\ncache-control: private\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":96,"size_decoded":0,"mime_type":"text/xml","magic":"XML 1.0 document, ASCII text","md5":"73d174f378b492e8958d14c2e6a9a4ec","sha1":"7d699dc411131a000b55c5e3808d6c75b443a25f","sha256":"c6f441dbb28602e988f9ae260f3f9c8556ac8d11eac13a6f997c04519267a621","sha512":"dd3c103c5a448e2e3df63dd51379b0f2225bbe5ce804402f5b13d102bd64500652eff4a136f311426d152d0068f4e9d0ce036e054b567246fb9e1a4156c0d195","ssdeep":"","tlshash":"e0b012867301b43305f16f135b24c01513783b85089d588ce8f30ad01e6440c03481ce","first_seen":"2025-09-24T04:41:31.323262Z","last_seen":"2025-11-20T22:31:42.782605Z","times_seen":115,"resource_available":false,"data":null}},"time_used":85,"timings":{"blocked":35,"dns":1,"connect":15,"send":0,"wait":14,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"a.labadena.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.frankeye.pro/ecc874/fca3e5ee8e1d.js","fqdn":"www.frankeye.pro","domain":"frankeye.pro","tld":"pro"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:30.882Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.frankeye.pro","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 17 Nov 2025 07:03:13 GMT","end":"Sun, 15 Feb 2026 07:03:12 GMT"},"fingerprint":{"sha1":"63:41:D5:49:FE:2A:E8:88:F1:92:F2:67:99:F6:DD:05:30:A7:28:CC","sha256":"FC:5F:86:B0:43:8B:A9:2B:50:7C:7B:B5:40:8C:5E:2A:A3:51:C0:FE:2D:AD:39:1A:79:3F:78:11:B6:5B:5D:DA"}}},"request":{"raw":"GET /ecc874/fca3e5ee8e1d.js HTTP/1.1\r\nHost: www.frankeye.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 19 Nov 2025 01:25:30 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: nginx\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET\r\naccess-control-allow-headers: Content-Type\r\ncache-control: max-age=172800\r\ncontent-encoding: gzip\r\nexpires: Fri, 21 Nov 2025 01:25:30 GMT\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":103673,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65533), with no line terminators","md5":"7c358a38fe209a10e2f8719400e7c60f","sha1":"d314ea7023d3597fa1990e360078fe70b0f7b25f","sha256":"49527ca559c345c49a1ea6b3624fa052d9fd76d73538a0414333ad4584906c6c","sha512":"b0d954ef2a287e72188c940f278b882461abbe7b8858788091576145747adacb81766bb8e3767154867d0076ee0dbeef73bd4b3c9c81a41fab7e347bb772ed1c","ssdeep":"1536:rM+iZ3YOYuyx6PUQwRxcs8P3nhkQ8vL7T7Q6eGozzwVEnHzHRbPvc:OijxEQq3P5Enne9zkWHLq","tlshash":"ffa33461350b64fd2ad0c1e7eb6720886c295810e469cca1ecd1e7c7d6eb8e3429b5f7","first_seen":"2025-11-17T08:56:37.631757Z","last_seen":"2025-11-19T07:52:14.537628Z","times_seen":27,"resource_available":true,"data":null}},"time_used":208,"timings":{"blocked":86,"dns":23,"connect":23,"send":0,"wait":36,"receive":0,"ssl":36},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.labadena.com/api/users/494246?host=www.flowdoodxwn.com\u0026ev=224\u0026wh=1024\u0026ww=1280\u0026uuid=\u0026url=https%3A%2F%2Fwww.flowdoodxwn.com%2Fe%2FKByh0dxu%3Flv1%3Dcdnvideq.org\u0026sid=0cdb534f-5a5a-4683-ba27-078c4686b2ad\u0026i=1\u0026s1=1983049288540758018\u0026fs1=1\u0026url=https%3A%2F%2Fwww.flowdoodxwn.com%2Fe%2FKByh0dxu%3Flv1%3Dcdnvideq.org","fqdn":"a.labadena.com","domain":"labadena.com","tld":"com"},"ip":{"addr":"37.27.230.125","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Finland","country_code":"FI"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:31.226Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a.labadena.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 06 Nov 2025 23:28:43 GMT","end":"Wed, 04 Feb 2026 23:28:42 GMT"},"fingerprint":{"sha1":"66:4E:04:65:51:00:00:6F:45:5C:CD:BC:6C:DD:60:70:78:C4:D0:F8","sha256":"57:1A:C5:4F:7F:E6:61:6B:64:F0:82:6B:5F:1D:34:EC:2B:4C:B2:39:E0:5B:C9:DE:A4:CA:BD:76:ED:3E:9A:61"}}},"request":{"raw":"GET /api/users/494246?host=www.flowdoodxwn.com\u0026ev=224\u0026wh=1024\u0026ww=1280\u0026uuid=\u0026url=https%3A%2F%2Fwww.flowdoodxwn.com%2Fe%2FKByh0dxu%3Flv1%3Dcdnvideq.org\u0026sid=0cdb534f-5a5a-4683-ba27-078c4686b2ad\u0026i=1\u0026s1=1983049288540758018\u0026fs1=1\u0026url=https%3A%2F%2Fwww.flowdoodxwn.com%2Fe%2FKByh0dxu%3Flv1%3Dcdnvideq.org HTTP/1.1\r\nHost: a.labadena.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nCookie: nauid=phqLjIR5yKplhhP7z9KV\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 19 Nov 2025 01:25:31 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\nvary: Accept-Encoding\r\nx-robots-tag: noindex, nofollow\r\ncache-control: private\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":660,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text, with very long lines (351)","md5":"45d1b5e5ce4e58ea944a93fa93de9961","sha1":"06dda0be8ff538bdf71a7ae5778c7e06295de198","sha256":"8032f65199943722672b49b7956234db8ebd81a0aff66bac4ed073a89a6d6056","sha512":"b3872a9e15cf73403352efb5cec1d39e7d8e8e4df09b775a2edaaaf60fc1f17cf9b13983443c415962af5265f21350625a0dd2ce8ac4ba18cec05f36b5ffd9a6","ssdeep":"","tlshash":"5b01dd81829c65fb474860a3cd3d4f725a8e457467556056fa24830e58ca08142a019b","first_seen":"2025-11-19T01:26:03.513468Z","last_seen":"2025-11-19T01:26:03.513468Z","times_seen":1,"resource_available":true,"data":null}},"time_used":332,"timings":{"blocked":318,"dns":0,"connect":0,"send":0,"wait":14,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"a.labadena.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"api.lixstreamingcaio.com/v2/s/assets/f?id=3d5084d2-3479-45b1-a1bd-beb6db65766d\u0026uid=1983049288540758018","fqdn":"api.lixstreamingcaio.com","domain":"lixstreamingcaio.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:29.560Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"lixstreamingcaio.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 23 Oct 2025 09:33:43 GMT","end":"Wed, 21 Jan 2026 10:32:28 GMT"},"fingerprint":{"sha1":"4B:56:A4:B4:FD:CC:C3:10:87:7C:9D:AF:AA:DD:15:76:A6:A6:24:82","sha256":"47:9F:6B:6B:87:90:3E:BD:D7:80:43:FF:15:2C:13:C1:55:79:08:46:0A:9F:49:69:9F:4A:06:B8:50:C5:B3:3A"}}},"request":{"raw":"GET /v2/s/assets/f?id=3d5084d2-3479-45b1-a1bd-beb6db65766d\u0026uid=1983049288540758018 HTTP/1.1\r\nHost: api.lixstreamingcaio.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.flowdoodxwn.com/\r\nContent-Type: application/json\r\nOrigin: https://www.flowdoodxwn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 19 Nov 2025 01:25:30 GMT\r\ncontent-type: application/json\r\npriority: u=4,i=?0\r\nvary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers\r\naccess-control-allow-origin: https://www.flowdoodxwn.com\r\naccess-control-expose-headers: X-Error-Code\r\naccess-control-allow-credentials: true\r\nx-xbox-platform: streaming\r\nserver: cloudflare\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=onfGyg%2FhaNTXo8nnProV3rH2GCEwMDhh7rlcnb0Uv0fsBwI3NYBSP6t5h1DJ6brUAyudLqLG%2F82EiT7ziDFZijwe5s92TpG9fI3HV5pNsIhBz0KO59WP7w%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9a0be9fbbe1832fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":162,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"bca3efc2d832c2ada78d7355ccecfae5","sha1":"2b358eb52737cea8448a0bab1e924c6cae24dbe8","sha256":"b57a9a74c94a18cdf6f0df6df5efc98d38e9e55caf647dd9439e4112492c2b05","sha512":"ffdf09e68be667b03f0b45c830556672818ad328d3e83d4d14b8f23c9d41e133a8ef99c5e9fc47d06a09d4ed4e0bae77133a62805a6ec01c2490e5b31bc0e9f9","ssdeep":"","tlshash":"0bc080547567109759d19af15b75754f15e02118590812b7a83ee44147900197545170","first_seen":"2025-11-19T01:26:03.515333Z","last_seen":"2025-11-19T01:26:03.515333Z","times_seen":1,"resource_available":false,"data":null}},"time_used":776,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":776,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sm.videqqwuieyui.com/xbox-streaming/1922505240733818882/8022a6dc-b697-4c64-8ea5-f0e81b011a87.mp4","fqdn":"sm.videqqwuieyui.com","domain":"videqqwuieyui.com","tld":"com"},"ip":{"addr":"34.126.238.65","port":443,"asn":396982,"as":"GOOGLE-CLOUD-PLATFORM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:30.636Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"sm.videqqwuieyui.com","organization":""},"issuer":{"commonName":"WR3","organization":"Google Trust Services"},"validity":{"start":"Mon, 03 Nov 2025 05:36:57 GMT","end":"Wed, 03 Dec 2025 06:32:52 GMT"},"fingerprint":{"sha1":"FC:A6:40:BF:F6:86:15:F2:39:8C:A4:74:3B:0F:FD:A3:2E:F6:D6:50","sha256":"0E:E3:78:75:04:97:54:84:45:2A:C2:92:6A:4A:20:1D:0E:71:4F:F6:38:1F:A3:67:A5:27:D1:46:3E:B8:E7:86"}}},"request":{"raw":"GET /xbox-streaming/1922505240733818882/8022a6dc-b697-4c64-8ea5-f0e81b011a87.mp4 HTTP/1.1\r\nHost: sm.videqqwuieyui.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 206 Partial Content\r\nserver: Google-Edge-Cache\r\nx-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc\r\ncloudservicediscount: CDN\r\nx-amz-request-id: 0000019A99605254B014DC8A73365341\r\nx-amz-uploadid: 000001974DC0D057B019F3A6FD267023\r\nx-amz-id-2: 36AAAQAAEAABAAAQAAEAABAAAQAAEAABAAAaI=AAAAAAAAAAAAAAAAAAAAAAAAAA\r\nx-ccdn-origin-time: 341\r\nvia: EU-NLD-amsterdam-EDGE3-CACHE1[352],EU-NLD-amsterdam-EDGE3-CACHE1[350,TCP_MISS,351],EU-GER-frankfurt-GLOBAL1-CACHE5[343],EU-GER-frankfurt-GLOBAL1-CACHE1[341,TCP_MISS,343]\r\nx-hcs-proxy-type: 0\r\nx-ccdn-cachettl: 2592000\r\nx-ccdn-req-id-46b1: 5f2aafc345c8e7af3b926b2a751cd252\r\naccept-ranges: bytes\r\naccess-control-expose-headers: *\r\naccess-control-allow-origin: *\r\ncontent-disposition: inline\r\nx-request-id: 4dc74cbf-73b7-4891-ad9c-289f768b97d7\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\ncontent-length: 6064936\r\ndate: Tue, 18 Nov 2025 23:50:18 GMT\r\nage: 5712\r\nlast-modified: Sun, 08 Jun 2025 04:16:11 GMT\r\netag: \"901bae6a67160eb134a682821de75362-3\"\r\ncontent-type: video/mp4\r\ncontent-range: bytes 0-6064935/6064936\r\ncache-control: public,max-age=86000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":6064936,"size_decoded":0,"mime_type":"video/mp4","magic":"ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]","md5":"872e70bdfd095cd1d973be2eb4d9109a","sha1":"eb7c1cf5ccf8f7d464f988ea1e79f89649111e08","sha256":"8e2dfa5b3a91168dc5ebb62af49edbbb5bc6d9b5dec22a0700440f78117a7e20","sha512":"e1fff809dda46a452b724fc0062e67a5bb733787c62bde59e5e59ef448db2d579880764324d71f827fd93c941aee18c45dd52a0fb63dfc89dab28236b2f26f01","ssdeep":"12288:v+WMbFCQyxJSmxMWLYIWYkrdVDh19rZKykIFhHgtnVg+7t2sXicGjbYHSHJEq0j:9iFCLJSm2Okr3Dh3rIykH7tNizHt+","tlshash":"392512a86335349bea623730b8c45720b37de91917a3438bcb9843cf7c617995eb21d9","first_seen":"2025-11-19T01:26:03.517299Z","last_seen":"2025-11-19T01:26:03.517299Z","times_seen":1,"resource_available":false,"data":null}},"time_used":910,"timings":{"blocked":-1,"dns":0,"connect":8,"send":0,"wait":93,"receive":660,"ssl":139},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ntvpforever.com/keywords","fqdn":"ntvpforever.com","domain":"ntvpforever.com","tld":"com"},"ip":{"addr":"167.235.163.216","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:31.685Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"inpage.infrapu.sh","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 26 Oct 2025 02:00:40 GMT","end":"Sat, 24 Jan 2026 02:00:39 GMT"},"fingerprint":{"sha1":"2B:72:A9:3F:14:00:92:B9:05:AC:BC:3B:22:CB:D9:87:80:23:C8:3D","sha256":"60:5B:BA:7E:5F:7A:B1:E0:55:4D:4C:29:EA:C7:21:68:37:AF:03:5B:A7:3D:15:98:F1:65:96:AB:4A:3E:17:3B"}}},"request":{"raw":"OPTIONS /keywords HTTP/1.1\r\nHost: ntvpforever.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://www.flowdoodxwn.com/\r\nOrigin: https://www.flowdoodxwn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 204 No Content\r\nserver: nginx/1.20.1\r\ndate: Wed, 19 Nov 2025 01:25:31 GMT\r\nvary: Origin\r\ncache-control: no-transform, no-cache, no-store, must-revalidate\r\npragma: no-cache\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: *\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Nginx:1.20.1","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T11:47:06.182466Z","times_seen":13373545,"resource_available":true,"data":null}},"time_used":367,"timings":{"blocked":167,"dns":91,"connect":25,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.flowdoodxwn.com/assets/vendor-chunks-DoTr35U9-1763461621343.css","fqdn":"www.flowdoodxwn.com","domain":"flowdoodxwn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:27.938Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flowdoodxwn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 26 Sep 2025 05:54:15 GMT","end":"Thu, 25 Dec 2025 06:52:42 GMT"},"fingerprint":{"sha1":"DA:FF:54:36:61:AE:68:21:E0:25:1B:19:C3:0E:A4:0A:E2:B0:A4:3B","sha256":"B5:3A:E4:11:C7:48:60:33:52:05:5C:23:C5:02:28:F2:E4:8A:EC:59:A2:EA:F5:A2:AD:F0:C3:3B:89:22:DE:37"}}},"request":{"raw":"GET /assets/vendor-chunks-DoTr35U9-1763461621343.css HTTP/1.1\r\nHost: www.flowdoodxwn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 19 Nov 2025 01:25:27 GMT\r\ncontent-type: text/css\r\npriority: u=2,i=?0\r\nserver: cloudflare\r\nx-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc\r\ncloudservicediscount: CDN\r\nx-amz-request-id: 0000019A9681AE4CB2DD36DD8AB39FFA\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 18 Nov 2025 10:27:12 GMT\r\nx-amz-id-2: 36AAAQAAEAABAAAQAAEAABAAAQAAEAABAAAaI=AAAAAAAAAAAAAAAAAAAAAAAAAA\r\nvia: LA-MEX-mexicocity-EDGE3-CACHE2[3],LA-MEX-mexicocity-EDGE3-CACHE3[0,TCP_HIT,3],LA-MEX-mexicocity-GLOBAL1-CACHE18[3],LA-MEX-mexicocity-GLOBAL1-CACHE19[0,TCP_HIT,2]\r\nx-hcs-proxy-type: 1\r\nx-ccdn-cachettl: 2592000\r\nx-ccdn-req-id-46b1: 35ce2abe0bae73c2089639c94deb8204\r\nnginx-hit: 1\r\nage: 2928\r\nx-ccdn-expires: 2591100\r\naccess-control-expose-headers: *\r\naccess-control-allow-origin: *\r\ncontent-disposition: inline\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=aH0qm51pnOUsV%2B1muDoVknzcsi2pbL%2Fp3YY9NAaLoGQIfDTXvoikNM0TlQOtvoI%2BKLdYJaDQdRTyENK0GKYWoQlvUbUmIP9m6Tdi0ni1PSuf\"}]}\r\netag: W/\"583c695c76766d48b720411106e87599\"\r\ncontent-encoding: br\r\ncf-ray: 9a0be9f17b6f568f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":161718,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65536), with no line terminators","md5":"583c695c76766d48b720411106e87599","sha1":"e7e75b7ea87593b675eac8f4937a1af7db66f102","sha256":"3f61af115313bbfe92c14794125043e3c53029cc5be9de758ce7a6a4e503275d","sha512":"a9c008b55f23c2460d6650529750b10d9ff30b66cdeb90ca7ad75ec21bb350c619593ae0e01975bacf784d013e08795f40f95c365deeaa4e594a6aa3785e2756","ssdeep":"768:eK4kaqXtxtd5+NuoRbV/es4idulogKFjY3xkjS5nz1miiJykXEK1rBw0OBp6EnUp:eKLvTdw7tejDxkjS5nzK8BTpZaKjpi","tlshash":"58f39569ea10a27de91faf259bc49f8ca224e881cd311af7f685610c4dc3bf115e274d","first_seen":"2025-06-14T07:01:13.355089Z","last_seen":"2026-02-27T13:27:16.333567Z","times_seen":523,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":14,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.flowdoodxwn.com/assets/vendor-chunks-C1aPRBDq-1763461621343.js","fqdn":"www.flowdoodxwn.com","domain":"flowdoodxwn.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:27.981Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"flowdoodxwn.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 26 Sep 2025 05:54:15 GMT","end":"Thu, 25 Dec 2025 06:52:42 GMT"},"fingerprint":{"sha1":"DA:FF:54:36:61:AE:68:21:E0:25:1B:19:C3:0E:A4:0A:E2:B0:A4:3B","sha256":"B5:3A:E4:11:C7:48:60:33:52:05:5C:23:C5:02:28:F2:E4:8A:EC:59:A2:EA:F5:A2:AD:F0:C3:3B:89:22:DE:37"}}},"request":{"raw":"GET /assets/vendor-chunks-C1aPRBDq-1763461621343.js HTTP/1.1\r\nHost: www.flowdoodxwn.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/assets/main-BvvAt3kL-1763461621343.js\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 19 Nov 2025 01:25:27 GMT\r\ncontent-type: application/x-javascript\r\npriority: u=3,i=?0\r\nserver: cloudflare\r\nx-reserved: amazon, aws and amazon web services are trademarks or registered trademarks of Amazon Technologies, Inc\r\ncloudservicediscount: CDN\r\nx-amz-request-id: 0000019A9681D987B2DAAB07509C2B9F\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Tue, 18 Nov 2025 10:27:12 GMT\r\nx-amz-id-2: 36AAAQAAEAABAAAQAAEAABAAAQAAEAABAAAaI=AAAAAAAAAAAAAAAAAAAAAAAAAA\r\nvia: EU-FRA-marseille-EDGE3-CACHE11[2],EU-FRA-marseille-EDGE3-CACHE16[0,TCP_HIT,1],EU-IRL-dublin-GLOBAL1-CACHE1[226],EU-IRL-dublin-GLOBAL1-CACHE3[223,TCP_MISS,225]\r\nx-hcs-proxy-type: 1\r\nx-ccdn-cachettl: 2592000\r\nx-ccdn-req-id-46b1: 2f9a10446fdf935e5bc77b9f2c6cfe31\r\nnginx-hit: 1\r\nage: 2929\r\nx-ccdn-expires: 2591105\r\naccess-control-expose-headers: *\r\naccess-control-allow-origin: *\r\ncontent-disposition: inline\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TXoQPZgXLcX7ObOc7JjkTvKY1pjibSsXKyVPXt%2ByBGeoNBzHOqtYhe0pxuWmf8dtX2q6MeabOL04J%2BJabJIcondFwOeY8fJdJ%2BwzO35z0j4L\"}]}\r\netag: W/\"50d712bd0033f3622be3eb62bdf0ee37\"\r\ncontent-encoding: br\r\ncf-ray: 9a0be9f1eb84568f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1270326,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (37925)","md5":"d5ffa44357e80f1c65fe87c30587f50b","sha1":"49a1b3fff2091d1562aa749bccd4c98a4cd4ed15","sha256":"966cc679f98dd01db5c608878ab396b5825fdcfbe3264cd2f00989ae989c64ca","sha512":"324ae875fa279ce79883c0ce2e7c6e6eb6fb740c232bee33e83c8734e73a4a89856d3e8ed9d544f98139564b8df901ee315833ef562df7b88f94eb6701e8b4a6","ssdeep":"24576:TLgcTD3IaDerXpsBbIw98z6CS2dSG6MIIsPGiUcWFYMKduqC8:TscTD3IaDerXpsBbIw98z6Cz6MIIsPGs","tlshash":"26254bd932a6706287d361a4503f5207723a7d16248cc45cf63af9ea2eb8d09647bf7c","first_seen":"2025-11-03T21:11:09.309439Z","last_seen":"2026-01-18T18:49:56.054383Z","times_seen":122,"resource_available":false,"data":null}},"time_used":50,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":7,"receive":42,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"a.labadena.com/api/settings/494334","fqdn":"a.labadena.com","domain":"labadena.com","tld":"com"},"ip":{"addr":"37.27.230.125","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Finland","country_code":"FI"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:29.541Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"a.labadena.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Thu, 06 Nov 2025 23:28:43 GMT","end":"Wed, 04 Feb 2026 23:28:42 GMT"},"fingerprint":{"sha1":"66:4E:04:65:51:00:00:6F:45:5C:CD:BC:6C:DD:60:70:78:C4:D0:F8","sha256":"57:1A:C5:4F:7F:E6:61:6B:64:F0:82:6B:5F:1D:34:EC:2B:4C:B2:39:E0:5B:C9:DE:A4:CA:BD:76:ED:3E:9A:61"}}},"request":{"raw":"GET /api/settings/494334 HTTP/1.1\r\nHost: a.labadena.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://www.flowdoodxwn.com/\r\nOrigin: https://www.flowdoodxwn.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 19 Nov 2025 01:25:29 GMT\r\ncontent-type: application/json\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\nx-robots-tag: noindex, nofollow\r\ncache-control: private\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":33,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"1be64b6d6652effba7dcf744e90def6a","sha1":"d9fbc7d1fa49fa4733f90a3739882d63972c2352","sha256":"72d79d0ad9a70ef53c1bab65c588d44bffb1a1b5aba0eb2f9f6a886c4c3aec4f","sha512":"ff1aee5b5d4ba25f4f78a0ddc80cd878856815c1ded88b32370c72bff242e73522e6aefb60fa5e53c434f10d2611dab7679152edf9321edc2b656e0265ef7006","ssdeep":"","tlshash":"408004c00dc1545410c010f4434043150103140f535c3304d41d1701147f4d17030150","first_seen":"2023-04-06T10:58:14Z","last_seen":"2026-04-05T09:59:59.853946Z","times_seen":7157,"resource_available":false,"data":null}},"time_used":112,"timings":{"blocked":49,"dns":11,"connect":13,"send":0,"wait":14,"receive":0,"ssl":21},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-11-18","alert":"Sinkholed","trigger":"a.labadena.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"36946.phidonatome.com/4/js/260941","fqdn":"36946.phidonatome.com","domain":"phidonatome.com","tld":"com"},"ip":{"addr":"88.208.22.4","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.flowdoodxwn.com/e/KByh0dxu?lv1=cdnvideq.org","date":"2025-11-19T01:25:30.612Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.phidonatome.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Mon, 10 Nov 2025 09:13:10 GMT","end":"Sun, 08 Feb 2026 09:13:09 GMT"},"fingerprint":{"sha1":"D1:79:EC:D3:41:C5:94:89:05:BD:DF:2C:EA:FE:0D:E3:B2:42:25:47","sha256":"44:7D:1E:F2:C0:52:2F:E1:0F:B3:A0:98:03:B5:E2:57:13:66:36:49:33:A6:9D:B4:E1:45:A3:41:BB:EA:43:CE"}}},"request":{"raw":"GET /4/js/260941 HTTP/1.1\r\nHost: 36946.phidonatome.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.flowdoodxwn.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 19 Nov 2025 01:25:30 GMT\r\ncontent-type: application/javascript; charset=UTF-8\r\ncontent-length: 11317\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-max-age: 86400\r\nreferrer-policy: unsafe-url\r\naccept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Device-Memory\r\naccept-ch-lifetime: 31536000\r\nset-cookie: _ccid=9775797465126141501; expires=Sun, 19 Nov 2028 01:25:30 GMT; domain=phidonatome.com; path=/; HttpOnly; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":31401,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (31401), with no line terminators","md5":"327fca1e17453340ba213af0d4604c1d","sha1":"dfe805d25429693418fda9f7f52db1bfb1898187","sha256":"2a8e43ecc25725d219f72e512df536c1e7f4329a7941c4a38cfc28221817ce8a","sha512":"e07ab4667529d63e4522f3ac4aac2ccccf15da6427e68182cccb3f185fcfd2f7bba5a4719d87748098af25e738e4da544559ed657f75f9f04182eb8b5436412b","ssdeep":"768:HFmbr/4nqZVnyTPxVC2/R3hMwsZwJmvnDY87bBZzBPZvzXRb7iGqj:AyxnufF3qj","tlshash":"3ee22a95f996703043f7087a403f511af3361a94789e8460da2b99c22c66f8b837bf7d","first_seen":"2025-11-19T01:26:03.523394Z","last_seen":"2025-11-19T01:26:03.523394Z","times_seen":1,"resource_available":true,"data":null}},"time_used":209,"timings":{"blocked":82,"dns":19,"connect":19,"send":0,"wait":35,"receive":1,"ssl":47},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}