{"report_id":"67db7b24-fb26-45b0-b26a-87d0e185af92","version":6,"status":"done","tags":[],"date":"2025-09-29T03:08:22Z","url":{"schema":"http","addr":"kosmha.com","fqdn":"kosmha.com","domain":"kosmha.com","tld":"com"},"ip":{"addr":"172.67.151.196","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"xenorawebnet.com/lander-1/?clickid=d3cvg76071bc73dtk8fg\u0026domain=traffichubcontrol.com","fqdn":"xenorawebnet.com","domain":"xenorawebnet.com","tld":"com"},"title":"..."},"submit":{"url":{"schema":"http","addr":"kosmha.com","fqdn":"kosmha.com","domain":"kosmha.com","tld":"com"},"ip":{"addr":"172.67.151.196","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-03T03:08:22Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":15}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"ngonovideo.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"pl27560162.revenuecpmgate.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"pl27560162.revenuecpmgate.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"pl27560162.revenuecpmgate.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"pl27560162.revenuecpmgate.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"wayfarerorthodox.com","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"2024-09-03","domain_rank":0,"first_seen":"2025-08-08T11:06:50.216151Z","last_seen":"2025-09-29T02:36:36.800259Z","alert_count":2,"request_count":1,"received_data":0,"sent_data":524,"comment":"","tags":null,"fingerprints":null},{"fqdn":"preferencenail.com","ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":20606,"first_seen":"2025-07-08T12:55:47.271261Z","last_seen":"2025-09-24T04:23:33.461221Z","alert_count":3,"request_count":1,"received_data":85963,"sent_data":408,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"kettledroopingcontinuation.com","ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-01","domain_rank":196057,"first_seen":"2025-07-30T15:18:19.355595Z","last_seen":"2025-09-28T22:47:07.461516Z","alert_count":4,"request_count":2,"received_data":10464,"sent_data":2590,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"traffichubcontrol.com","ip":{"addr":"168.119.149.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"domain_registered":"2025-08-27","domain_rank":0,"first_seen":"2025-09-10T02:42:52.780634Z","last_seen":"2025-09-26T10:06:47.064931Z","alert_count":0,"request_count":1,"received_data":31215,"sent_data":728,"comment":"","tags":null,"fingerprints":null},{"fqdn":"kosmha.com","ip":{"addr":"104.21.88.184","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-06-05","domain_rank":1132854,"first_seen":"2025-08-03T07:04:23.899751Z","last_seen":"2025-09-06T19:12:39.410309Z","alert_count":0,"request_count":1,"received_data":15017,"sent_data":479,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.highperformanceformat.com","ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-10-15","domain_rank":366864,"first_seen":"2024-10-23T18:32:34.138968Z","last_seen":"2025-09-22T02:40:03.324515Z","alert_count":6,"request_count":2,"received_data":76962,"sent_data":910,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"professionaltrafficmonitor.com","ip":{"addr":"3.123.144.251","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2025-01-23","domain_rank":16376,"first_seen":"2025-01-25T08:56:07.448138Z","last_seen":"2025-09-28T22:30:31.748184Z","alert_count":0,"request_count":2,"received_data":838,"sent_data":886,"comment":"","tags":null,"fingerprints":null},{"fqdn":"ngonovideo.top","ip":{"addr":"104.21.87.222","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-04-15","domain_rank":0,"first_seen":"2025-05-19T16:20:50.724636Z","last_seen":"2025-09-06T19:12:39.448782Z","alert_count":2,"request_count":2,"received_data":2725,"sent_data":864,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-09-28T22:11:46.369912Z","alert_count":0,"request_count":1,"received_data":19475,"sent_data":574,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.googletagmanager.com","ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2011-11-11","domain_rank":283,"first_seen":"2012-10-04T01:07:32Z","last_seen":"2025-09-28T22:11:36.689828Z","alert_count":0,"request_count":1,"received_data":420323,"sent_data":431,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"pl27560162.revenuecpmgate.com","ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-08-29","domain_rank":0,"first_seen":"2025-09-29T03:08:23.243482Z","last_seen":"2025-09-29T03:08:23.243482Z","alert_count":4,"request_count":1,"received_data":77143,"sent_data":457,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-09-28T22:11:39.889585Z","alert_count":0,"request_count":1,"received_data":6659,"sent_data":444,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"xenorawebnet.com","ip":{"addr":"172.67.133.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-08-29","domain_rank":0,"first_seen":"2025-09-26T10:28:52.875253Z","last_seen":"2025-09-26T10:28:52.875253Z","alert_count":0,"request_count":7,"received_data":134873,"sent_data":3694,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"xenorawebnet.com/lander-1/?clickid=d3cvg76071bc73dtk8fg\u0026domain=traffichubcontrol.com","fqdn":"xenorawebnet.com","domain":"xenorawebnet.com","tld":"com"},"ip":{"addr":"172.67.133.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"8185931d09627217019fd6398da229a8","sha1":"90843476247635a1d4f6c0cc0c1c410a87f3a276","sha256":"5d10bc60124ce3472e4fc1662997dc628a192ded73a54fa8f449205118287684","sha512":"d3daa8c75b3cb98c37e104b9ca9c38a5d4758a03388da91f50117717b3bbcebe77e92c2171511ac31a7a92b05850be3dacc3fe96d267946436d712425051ab67","ssdeep":"","tlshash":"a8e02b185db310b0455be01a1776d64d355110631444d8093d8d8e885f60e9658ddad4","size":423,"data":"","first_seen":"2025-03-09T00:15:37.489136Z","last_seen":"2026-02-08T05:48:01.472384Z","times_seen":358,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kosmha.com/","fqdn":"kosmha.com","domain":"kosmha.com","tld":"com"},"ip":{"addr":"104.21.88.184","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"bebda825cee63a256940ad4166bda00e","sha1":"d8f717b02224f70d4204b81865c0ecbc127169ad","sha256":"a1647ff2a47f018cb0aad3e28f078a519eb32604a306a92e2070c9c5035beba5","sha512":"9411af1cdc5de98e2ff51d2ca857f98ba8647780d30690f8fe0dd4631853b9f1b38cd58d37ec46a64939bc1e51b4bfa25186658acd058a2842c03e616ba3732c","ssdeep":"","tlshash":"f641d67e04b134ef635b104c9dd999643af1e57560cc88417a3cf141637827e99bcbe4","size":2291,"data":"","first_seen":"2025-09-29T03:08:27.001658Z","last_seen":"2025-09-29T03:08:27.001658Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kosmha.com/","fqdn":"kosmha.com","domain":"kosmha.com","tld":"com"},"ip":{"addr":"104.21.88.184","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eval","is_inline":false,"md5":"127ac839a41bdd9ab92ad47b7411cdaf","sha1":"c2f81b12778c909f055c3967caa638b643c4916a","sha256":"b2ebc210c5c379879d07a4a9e046a4ea803d56dcc91d533db817ec272cbcfaf4","sha512":"dd73d8ab5e3651e697cdf73c372c45d04cf28b06db71161f0583b7bec3d8de6f84e411edba2ce4ce8f4c6b4862209ad845034d74ff59c4fab82f380ca333f153","ssdeep":"","tlshash":"348000808028000e80082aa808288aa220a208aaca0320c8822008820b33002b0c8200","size":29,"data":"","first_seen":"2023-03-08T14:23:53Z","last_seen":"2026-02-01T11:18:04.493724Z","times_seen":1381,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.highperformanceformat.com/9fbad349f229acfb3ccfb3fcfacbde04/invoke.js","fqdn":"www.highperformanceformat.com","domain":"highperformanceformat.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"60cf4e4fe44ab49c4e5d90959e24e490","sha1":"3c8fa3b8c012e31826da13c301b616f4ebd63712","sha256":"6350394a2a2dd22cd99c398fa712f62aeda67db47fb0a4c316802519f1ba7c68","sha512":"5814efae0ad248c059484899f5d87945dec1ea2633c1d5e4a85bb801f9bceb6af372d1cadb3fb1f65208f67ee213aa6b9a18fb47a53e3fe6de7b76c6f055f0f4","ssdeep":"768:Pwko7kMaFiARuKBp3z7rPj0c2XVgciy3kjKNaQWFXnFKDy:PIDARtBRHj0cQVgc/nNLCnFKDy","tlshash":"faf2e6c87f91f17407a76433222f964af56bcd05598ed048f43be4ac2d6c726e936a38","size":37642,"data":"","first_seen":"2025-09-29T03:08:26.99069Z","last_seen":"2025-09-29T03:08:26.99069Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.highperformanceformat.com/9fbad349f229acfb3ccfb3fcfacbde04/invoke.js","fqdn":"www.highperformanceformat.com","domain":"highperformanceformat.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6e2865f0c68a5444a8c36a713e847554","sha1":"87a45460d1acf5dc7e871ffc398cd858c5d81f97","sha256":"ab0b666b9437229a0dc37ba2b7426ab5a401dec4f4a5a4fc75ad2c5689157db6","sha512":"a141be0fcff2035776bb67a54183649c4cf5643be3d366b94aefeb70c70aac9b75468b7507ce9e46c2a7342841b07298fa8672cf136c963509a8bc08921c7bc5","ssdeep":"768:PNyo7kMaFiARuKBp3zCrPj0c2XVgciy3kjKNaQWFXnFKDy:P9DARtBRaj0cQVgc/nNLCnFKDy","tlshash":"5cf2e7c87f91f17407a76033222f964af56bcd05598ed048f43be4ac2d6c726e936a38","size":37610,"data":"","first_seen":"2025-09-29T03:08:26.983798Z","last_seen":"2025-09-29T03:08:26.983798Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pl27560162.revenuecpmgate.com/1d/28/07/1d2807df8250c84ff94a76513f0fa70e.js","fqdn":"pl27560162.revenuecpmgate.com","domain":"revenuecpmgate.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"cb0149ea2cf4befd86367c38f04706ca","sha1":"148a92c9ccfab2eb3490f75c3916d6420e63703e","sha256":"41ae5a8c42343a0413a13691e4d6cd29d9228c102983ab32d98bbf246e7e4057","sha512":"c01e92535a9d95faf95a231e0774f87e49d64c69ddadab4e056b29a4be7dd0ae6dcd8ccb0a2fd3d9cdd66f32242aa035e97275542b131e610c81c3757a411ce6","ssdeep":"768:cpCxicwKzukjCm/hYE4JoYC3ouzBtX2nwrHpSFXcdDqxv1l2qo0uw7T3SPGw69Xz:cppUCQ37IwT0Rcd+9keSPjulR","tlshash":"fc73fa4c3f95f1ac43a26073222f941bf12a1d51b46cf8c8d253e8bc6eb9769b536b14","size":76287,"data":"","first_seen":"2025-09-29T03:08:26.99651Z","last_seen":"2025-09-29T03:08:26.99651Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85386,"data":"","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kosmha.com/","fqdn":"kosmha.com","domain":"kosmha.com","tld":"com"},"ip":{"addr":"104.21.88.184","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"56499e1b46212a6765e538e991d4a03c","sha1":"50c820685421fa83cf5831afe617c4442e541d82","sha256":"31a06cf8e57677c6b26905f1183940c636c52d20f53bf52e54805f39d15150aa","sha512":"b7962e3af35830209d0052b3dff35c93019daadc2328fcba768a121443bc8dabd5417f4e1a2cf2e4ac22ee46f8c3d915f1ba64f49f6b63d3e804da8b586ebc5c","ssdeep":"","tlshash":"0261b56d1de1a0ba611b204d5ab595443af0d12b604ccc46be6cf2426f747bd9cfcee8","size":3267,"data":"","first_seen":"2025-09-29T03:08:27.003281Z","last_seen":"2025-09-29T03:08:27.003281Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xenorawebnet.com/lander-1/index.js","fqdn":"xenorawebnet.com","domain":"xenorawebnet.com","tld":"com"},"ip":{"addr":"172.67.133.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"c9e87b5f390102de64af97e901c80695","sha1":"b48b78b831fed9527b9d75b9cdb232ece9519e29","sha256":"e7a50d337bdbe4299068de034e4564cfe5fd45ca9257ded37b6ada9330cedf0f","sha512":"6d0bd18d87118dfccad92d1422ace65494c97eefdaa93d57df281e1f7f05eca71b9f3d590558efe97a0407b46894569a00dbbb13d302f0cfa1a8abf57af5e576","ssdeep":"1536:AMzKLhzq8yxihbjw9xs/7FENdZTvzGXlE47ZEJQu:AMzKLhzq8yt9M7FAdZTv4lE47ZmQu","tlshash":"5c93641e57ea1a31d41634299f4f62c8d621911f2d0ad9ac3c6cb7e81f9de3902a4ff4","size":90241,"data":"","first_seen":"2025-03-09T00:15:37.485068Z","last_seen":"2026-02-08T05:48:01.469842Z","times_seen":362,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kosmha.com/","fqdn":"kosmha.com","domain":"kosmha.com","tld":"com"},"ip":{"addr":"104.21.88.184","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"0f2e12278a2be22f339cc33e540f58e2","sha1":"30550f0b43dc2bd0dc4bbb59ec30e0c05637d0eb","sha256":"4c076329b24b77c23c45ab00910fd2f18861a35031a5604c374e6cb93a542231","sha512":"14e80ce0972064bb7335fbed52a2ba58dbc2ce330ecf09adf6a33bd1eda652cabe1ecad6937575653d7447bfe86f609523dbd8e3b95607791b51c6cec03e34e0","ssdeep":"","tlshash":"5271a669b614a43952ebc7ea73fbe388f735011ab041b092486cad84081cde75dafdc1","size":3783,"data":"","first_seen":"2025-09-29T03:08:27.004433Z","last_seen":"2025-09-29T03:08:27.004433Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-MDJ5LX8850","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"e47301cfd4a140afd77828de2e237d5a","sha1":"c68b6e08f62b98608fe9cf8e3fe0acf24f8639df","sha256":"30d6683c94ae808d91486654a2f9bbcb20edc6ea9a12bd8950931201f0e924e9","sha512":"0f910cc9c17b6748bdccbe4fa7da76036979a57fec5909080b639e142ab7ee2a282f65d778b7dbab272cb574af09c3bd3e0e6b43c3654688a6c51e9a0f9285d0","ssdeep":"6144:zBVpmM2/RNpvYqkD1g1/9G1SvuVcH9+23WBj:FXmLRYly/Lwr","tlshash":"7a9409ce73d674265396e478903f018ba5bb28a2f44cc899f189dce42d74a9a4137f7c","size":419719,"data":"","first_seen":"2025-09-29T03:08:26.995085Z","last_seen":"2025-09-29T03:08:26.995085Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"xenorawebnet.com/lander-1/assets/default_100_percent/100-offline-sprite.png","fqdn":"xenorawebnet.com","domain":"xenorawebnet.com","tld":"com"},"ip":{"addr":"172.67.133.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xenorawebnet.com/lander-1/?clickid=d3cvg76071bc73dtk8fg\u0026domain=traffichubcontrol.com","date":"2025-09-29T03:08:13.318Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xenorawebnet.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 01 Sep 2025 14:26:59 GMT","end":"Sun, 30 Nov 2025 15:26:53 GMT"},"fingerprint":{"sha1":"F4:C1:79:62:8C:23:FC:47:22:29:B1:43:F2:F4:7E:D1:2F:00:C1:15","sha256":"0E:F8:F3:16:00:B8:77:9D:53:44:21:33:42:51:53:84:80:32:15:CE:DD:DB:B5:6C:0C:2B:7C:22:10:2D:02:9E"}}},"request":{"raw":"GET /lander-1/assets/default_100_percent/100-offline-sprite.png HTTP/1.1\r\nHost: xenorawebnet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xenorawebnet.com/lander-1/?clickid=d3cvg76071bc73dtk8fg\u0026domain=traffichubcontrol.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 03:08:13 GMT\r\ncontent-type: image/png\r\ncontent-length: 2645\r\nserver: cloudflare\r\nlast-modified: Fri, 21 Feb 2025 18:19:05 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"67b8c399-a55\"\r\nexpires: Thu, 02 Oct 2025 09:24:47 GMT\r\ncache-control: max-age=604800\r\naccept-ranges: bytes\r\nage: 319247\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VNgt38puvr2DScywTv93BMw1wF4%2FhGZLZjBOvXRiQfoNHL8APk4SocF2d5coTMMIRgl23dtk6LzvGdbqexicNoAoeM%2F4z1v13a9AbUDc%2FH4%3D\"}]}\r\ncf-ray: 986846573fa95a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2645,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 1233 x 68, 8-bit grayscale, non-interlaced","md5":"126bb0177752d9bcdaf27e9bd487a8ab","sha1":"c933d84c436b49d180dd945313fbd70e0c4fc125","sha256":"e306705c996676db01f4072ed3d6f33d89089a848ab0b2a0ba07a2d866ec309f","sha512":"1eae0820fae8f709bced42fb4c382b99ba1b712ebdeeb57dc6048fba1b0354b9284f3b1889f31b996c63d2f3db3c7208a7a2169b4cd2046446a50b6ffc108069","ssdeep":"","tlshash":"f1515c5beed868c3d16f021dc723398469d00125df5c335e110292614942f9a4de6ce2","first_seen":"2023-11-19T16:44:45Z","last_seen":"2026-02-19T19:48:46.249411Z","times_seen":366,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xenorawebnet.com/lander-1/assets/default_200_percent/200-offline-sprite.png","fqdn":"xenorawebnet.com","domain":"xenorawebnet.com","tld":"com"},"ip":{"addr":"172.67.133.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xenorawebnet.com/lander-1/?clickid=d3cvg76071bc73dtk8fg\u0026domain=traffichubcontrol.com","date":"2025-09-29T03:08:13.318Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xenorawebnet.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 01 Sep 2025 14:26:59 GMT","end":"Sun, 30 Nov 2025 15:26:53 GMT"},"fingerprint":{"sha1":"F4:C1:79:62:8C:23:FC:47:22:29:B1:43:F2:F4:7E:D1:2F:00:C1:15","sha256":"0E:F8:F3:16:00:B8:77:9D:53:44:21:33:42:51:53:84:80:32:15:CE:DD:DB:B5:6C:0C:2B:7C:22:10:2D:02:9E"}}},"request":{"raw":"GET /lander-1/assets/default_200_percent/200-offline-sprite.png HTTP/1.1\r\nHost: xenorawebnet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xenorawebnet.com/lander-1/?clickid=d3cvg76071bc73dtk8fg\u0026domain=traffichubcontrol.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 03:08:13 GMT\r\ncontent-type: image/png\r\ncontent-length: 3244\r\nserver: cloudflare\r\nlast-modified: Fri, 21 Feb 2025 18:19:05 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"67b8c399-cac\"\r\nexpires: Thu, 02 Oct 2025 09:24:47 GMT\r\ncache-control: max-age=604800\r\naccept-ranges: bytes\r\nage: 319247\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=z6iPHdo%2BbzFJPffNKcbkmv8%2BRL8prj4s9fF7KY3eFrrT9nv6%2Ffk5J1eThY4mnNDO7tGxHhxzQ%2BFzeyEKX3N7JmxRyZsdNS%2B9phxkrmhS86Q%3D\"}]}\r\ncf-ray: 986846573faa5a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":3244,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 2441 x 130, 4-bit colormap, non-interlaced","md5":"04b297005713a535400790596beeed31","sha1":"b1f0ff7b93ea725cd686a51630a728c8fbc8c6da","sha256":"b3011fd16e43cd860b9782c4eafe77c1cc40da2e0f6e2e5ea547d98d6efac879","sha512":"f34e56d243e88daa8a16f8ce4595b5470434a404bd27b76e5f71ab4e0e23a86603a5ba59465533fd69b698146f974ac4b10833ffebaed766e587021595ef5c4f","ssdeep":"","tlshash":"6c617eacffdc4d31d43e6381869d74ea06d36a14415557200524c7bd1494d5e6e9c78f","first_seen":"2023-11-19T16:44:45Z","last_seen":"2026-02-19T19:48:46.193322Z","times_seen":366,"resource_available":false,"data":null}},"time_used":5,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.highperformanceformat.com/9fbad349f229acfb3ccfb3fcfacbde04/invoke.js","fqdn":"www.highperformanceformat.com","domain":"highperformanceformat.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kosmha.com/","date":"2025-09-29T03:08:11.731Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"highperformanceformat.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 22:12:45 GMT","end":"Sun, 09 Nov 2025 22:12:44 GMT"},"fingerprint":{"sha1":"B9:F8:C8:45:C0:0A:8C:9E:D0:93:4C:61:6A:2B:96:49:20:7B:36:AD","sha256":"CB:4C:A5:11:03:46:B4:B3:1A:2C:67:7A:70:5E:BA:61:07:FB:22:C6:9B:14:E6:FC:FF:46:02:F6:30:DA:F0:A0"}}},"request":{"raw":"GET /9fbad349f229acfb3ccfb3fcfacbde04/invoke.js HTTP/1.1\r\nHost: www.highperformanceformat.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://kosmha.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 29 Sep 2025 03:08:12 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 16211\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 6\r\nHost: www.highperformanceformat.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: f44e5a8e794fdb9f16699fe619aabbfb\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":37610,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (37610), with no line terminators","md5":"6e2865f0c68a5444a8c36a713e847554","sha1":"87a45460d1acf5dc7e871ffc398cd858c5d81f97","sha256":"ab0b666b9437229a0dc37ba2b7426ab5a401dec4f4a5a4fc75ad2c5689157db6","sha512":"a141be0fcff2035776bb67a54183649c4cf5643be3d366b94aefeb70c70aac9b75468b7507ce9e46c2a7342841b07298fa8672cf136c963509a8bc08921c7bc5","ssdeep":"768:PNyo7kMaFiARuKBp3zCrPj0c2XVgciy3kjKNaQWFXnFKDy:P9DARtBRaj0cQVgc/nNLCnFKDy","tlshash":"5cf2e7c87f91f17407a76033222f964af56bcd05598ed048f43be4ac2d6c726e936a38","first_seen":"2025-09-29T03:08:26.983798Z","last_seen":"2025-09-29T03:08:26.983798Z","times_seen":1,"resource_available":true,"data":null}},"time_used":739,"timings":{"blocked":274,"dns":0,"connect":91,"send":0,"wait":100,"receive":90,"ssl":183},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"professionaltrafficmonitor.com/stats","fqdn":"professionaltrafficmonitor.com","domain":"professionaltrafficmonitor.com","tld":"com"},"ip":{"addr":"3.123.144.251","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kosmha.com/","date":"2025-09-29T03:08:12.321Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"protrafficinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 01 Jul 2025 00:00:00 GMT","end":"Thu, 30 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"5D:D5:8D:EB:A4:50:13:0D:7C:33:71:82:B8:02:49:4F:D6:31:B6:E6","sha256":"49:03:4C:2C:1B:23:D8:D6:CB:AE:F0:54:61:99:C2:20:F4:FF:87:5E:0B:72:B1:6B:D8:AB:21:49:2D:F2:EC:4A"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: professionaltrafficmonitor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://kosmha.com/\r\nOrigin: https://kosmha.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 03:08:12 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://kosmha.com\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=3fc89bd1-84af-4ae1-ab30-1221d04e7d62:3:1; expires=Thu, 27 Sep 2035 03:08:12 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"75eae6ecec98702194e0c814ae9435ce","sha1":"e50e0464ff55e94cd7f9216e75153e9a6e07a1a2","sha256":"9389e1835f071d0c383c18447f7f6dddd8ef51b80f55dadce623630610257f11","sha512":"1328972bcf61b9497fff981260396a0f78a1214c350d862c56d70729d8c960e3fd5677462b30aabcadd769727a4d6b77ee04971795c1b42ce8f36554053bb084","ssdeep":"","tlshash":"bb900444f055007005c55751cd5df040110154475374301455fdf501011151441510f7","first_seen":"2025-09-29T03:08:26.985328Z","last_seen":"2025-09-29T03:08:26.985328Z","times_seen":1,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":24,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/sbar.json?key=1d2807df8250c84ff94a76513f0fa70e\u0026uuid=3fc89bd1-84af-4ae1-ab30-1221d04e7d62%3A3%3A1","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kosmha.com/","date":"2025-09-29T03:08:12.822Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /sbar.json?key=1d2807df8250c84ff94a76513f0fa70e\u0026uuid=3fc89bd1-84af-4ae1-ab30-1221d04e7d62%3A3%3A1 HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://kosmha.com/\r\nOrigin: https://kosmha.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T19:31:03.603551Z","times_seen":13300818,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"professionaltrafficmonitor.com/stats","fqdn":"professionaltrafficmonitor.com","domain":"professionaltrafficmonitor.com","tld":"com"},"ip":{"addr":"3.123.144.251","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kosmha.com/","date":"2025-09-29T03:08:12.202Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"protrafficinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 01 Jul 2025 00:00:00 GMT","end":"Thu, 30 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"5D:D5:8D:EB:A4:50:13:0D:7C:33:71:82:B8:02:49:4F:D6:31:B6:E6","sha256":"49:03:4C:2C:1B:23:D8:D6:CB:AE:F0:54:61:99:C2:20:F4:FF:87:5E:0B:72:B1:6B:D8:AB:21:49:2D:F2:EC:4A"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: professionaltrafficmonitor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://kosmha.com/\r\nOrigin: https://kosmha.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 03:08:12 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://kosmha.com\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=136922a1-7197-4a8c-a756-95f7d2ea9778:2:1; expires=Thu, 27 Sep 2035 03:08:12 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"ac44ed05580168a7b83db4da591a4430","sha1":"6174a97aa451bba24e86c0463c4ead67a17b4312","sha256":"08752c2e927a7f3779f06e783670651b16e067d79f4ef5213c315de0ffe5b55f","sha512":"12c21fbd84149c9ed71d9465abf20ab236417fe2a99bf810cd62f8939c843cf90c27a638663c323fd16f0da64f415f3edffbb52554111e31f43979f7f4b639cf","ssdeep":"","tlshash":"9c9004f710035cc140015177c451dc404c40c31d30505df1fdc473d7401000514d4d05","first_seen":"2025-09-29T03:08:26.987184Z","last_seen":"2025-09-29T03:08:26.987184Z","times_seen":1,"resource_available":false,"data":null}},"time_used":222,"timings":{"blocked":99,"dns":0,"connect":24,"send":0,"wait":24,"receive":0,"ssl":74},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kosmha.com/","date":"2025-09-29T03:08:12.320Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 Aug 2025 23:05:43 GMT","end":"Fri, 28 Nov 2025 23:05:42 GMT"},"fingerprint":{"sha1":"B9:51:95:1F:A8:75:17:3A:9B:B1:75:96:F4:7D:7A:CF:3D:52:C9:71","sha256":"36:D1:B1:18:05:03:10:B2:46:BC:6C:71:A5:E7:BE:07:32:66:88:16:04:1E:5F:96:0F:10:B6:4B:BF:01:D1:42"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://kosmha.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 29 Sep 2025 03:08:12 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32182\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: fad5a3b27a9bf886ae07708bace0ae45\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85386,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"resource_available":true,"data":null}},"time_used":223,"timings":{"blocked":84,"dns":4,"connect":26,"send":0,"wait":30,"receive":25,"ssl":54},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xenorawebnet.com/lander-1/index.js","fqdn":"xenorawebnet.com","domain":"xenorawebnet.com","tld":"com"},"ip":{"addr":"172.67.133.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://xenorawebnet.com/lander-1/?clickid=d3cvg76071bc73dtk8fg\u0026domain=traffichubcontrol.com","date":"2025-09-29T03:08:13.317Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xenorawebnet.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 01 Sep 2025 14:26:59 GMT","end":"Sun, 30 Nov 2025 15:26:53 GMT"},"fingerprint":{"sha1":"F4:C1:79:62:8C:23:FC:47:22:29:B1:43:F2:F4:7E:D1:2F:00:C1:15","sha256":"0E:F8:F3:16:00:B8:77:9D:53:44:21:33:42:51:53:84:80:32:15:CE:DD:DB:B5:6C:0C:2B:7C:22:10:2D:02:9E"}}},"request":{"raw":"GET /lander-1/index.js HTTP/1.1\r\nHost: xenorawebnet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xenorawebnet.com/lander-1/?clickid=d3cvg76071bc73dtk8fg\u0026domain=traffichubcontrol.com\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 03:08:13 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: cloudflare\r\nlast-modified: Fri, 21 Feb 2025 18:19:04 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\netag: W/\"67b8c398-16081\"\r\nexpires: Thu, 02 Oct 2025 09:24:47 GMT\r\ncache-control: max-age=604800\r\ncontent-encoding: gzip\r\nage: 319247\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5nmeOBpkKF3KIkPHy5Yw4iYCtnxi9se9PQ4rE15tKMJ7EFoaAAgefmZiX5%2FSmhKoXS88vSBAjeIGq45gbblQoaiHDWjEsJiWmIOHDT0QTzM%3D\"}]}\r\ncf-ray: 986846573fa85a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":90241,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text","md5":"c9e87b5f390102de64af97e901c80695","sha1":"b48b78b831fed9527b9d75b9cdb232ece9519e29","sha256":"e7a50d337bdbe4299068de034e4564cfe5fd45ca9257ded37b6ada9330cedf0f","sha512":"6d0bd18d87118dfccad92d1422ace65494c97eefdaa93d57df281e1f7f05eca71b9f3d590558efe97a0407b46894569a00dbbb13d302f0cfa1a8abf57af5e576","ssdeep":"1536:AMzKLhzq8yxihbjw9xs/7FENdZTvzGXlE47ZEJQu:AMzKLhzq8yt9M7FAdZTv4lE47ZmQu","tlshash":"5c93641e57ea1a31d41634299f4f62c8d621911f2d0ad9ac3c6cb7e81f9de3902a4ff4","first_seen":"2025-03-09T00:15:37.485068Z","last_seen":"2026-02-08T05:48:01.469842Z","times_seen":362,"resource_available":true,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngonovideo.top/favicon.svg","fqdn":"ngonovideo.top","domain":"ngonovideo.top","tld":"top"},"ip":{"addr":"104.21.87.222","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kosmha.com/","date":"2025-09-29T03:08:01.935Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ngonovideo.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 12 Aug 2025 00:03:44 GMT","end":"Mon, 10 Nov 2025 01:01:20 GMT"},"fingerprint":{"sha1":"31:FB:F6:28:B9:F0:ED:97:F3:07:7D:86:54:0E:1E:18:F0:83:44:F2","sha256":"5D:77:E5:33:95:EB:1C:87:D2:97:B6:80:B3:8A:B0:00:7A:E0:4D:7D:72:56:38:92:0F:20:DE:CB:A4:57:79:9A"}}},"request":{"raw":"GET /favicon.svg HTTP/1.1\r\nHost: ngonovideo.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://kosmha.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Mon, 29 Sep 2025 03:08:02 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: image/svg+xml\r\ncontent-length: 231\r\nlast-modified: Fri, 06 Jun 2025 22:37:38 GMT\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, must-revalidate\r\nexpires: Wed, 02 Sep 2026 02:54:53 GMT\r\nvary: Accept-Encoding,User-Agent\r\ncontent-encoding: gzip\r\nx-robots-tag: noarchive\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-frame-options: SAMEORIGIN\r\npermissions-policy: geolocation=(self), camera=(), microphone=()\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 777519\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=J3o2oFgDd84ILeEoxL25WhobEyMQfxrEOtW%2B3AvBhzoPGM%2B78dDxgHNIROZTKUPin2iQ913gAHWAFD48HGdC05RDqoYUyuJjS0jJsr5s\"}]}\r\ncf-ray: 98684611c8b7783d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":327,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"2b750cfdf48de58341e2fc3e024df47b","sha1":"a1e77a552433a4517872a465fa93f8f89a933f97","sha256":"3463ebcd86e04be458f2b82651e5e3d75b989300c6a7bdaa26bd090ef57b748a","sha512":"4cbe0f62dfa9bc718c19067e5c10c10220803c29aec3391b11652bc0bb2a7dadc79f08ab21256f4909f4214174b8f4faeb3b55380ba921aa984fce51a5f6830a","ssdeep":"","tlshash":"c0e07d1091c4a719c1884e01932b792d570f81d3c282cd15f6dd13025fccc576a9624e","first_seen":"2025-09-29T03:08:26.989602Z","last_seen":"2025-11-25T14:49:57.252532Z","times_seen":12,"resource_available":false,"data":null}},"time_used":288,"timings":{"blocked":0,"dns":1,"connect":2,"send":0,"wait":17,"receive":0,"ssl":268},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"ngonovideo.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.highperformanceformat.com/9fbad349f229acfb3ccfb3fcfacbde04/invoke.js","fqdn":"www.highperformanceformat.com","domain":"highperformanceformat.com","tld":"com"},"ip":{"addr":"172.240.253.132","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kosmha.com/","date":"2025-09-29T03:08:11.730Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"highperformanceformat.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Mon, 11 Aug 2025 22:12:45 GMT","end":"Sun, 09 Nov 2025 22:12:44 GMT"},"fingerprint":{"sha1":"B9:F8:C8:45:C0:0A:8C:9E:D0:93:4C:61:6A:2B:96:49:20:7B:36:AD","sha256":"CB:4C:A5:11:03:46:B4:B3:1A:2C:67:7A:70:5E:BA:61:07:FB:22:C6:9B:14:E6:FC:FF:46:02:F6:30:DA:F0:A0"}}},"request":{"raw":"GET /9fbad349f229acfb3ccfb3fcfacbde04/invoke.js HTTP/1.1\r\nHost: www.highperformanceformat.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://kosmha.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 29 Sep 2025 03:08:12 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 16216\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: www.highperformanceformat.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 29de7e6ae1f44c805b93bd2067231117\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":37642,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (37642), with no line terminators","md5":"60cf4e4fe44ab49c4e5d90959e24e490","sha1":"3c8fa3b8c012e31826da13c301b616f4ebd63712","sha256":"6350394a2a2dd22cd99c398fa712f62aeda67db47fb0a4c316802519f1ba7c68","sha512":"5814efae0ad248c059484899f5d87945dec1ea2633c1d5e4a85bb801f9bceb6af372d1cadb3fb1f65208f67ee213aa6b9a18fb47a53e3fe6de7b76c6f055f0f4","ssdeep":"768:Pwko7kMaFiARuKBp3z7rPj0c2XVgciy3kjKNaQWFXnFKDy:PIDARtBRHj0cQVgc/nNLCnFKDy","tlshash":"faf2e6c87f91f17407a76433222f964af56bcd05598ed048f43be4ac2d6c726e936a38","first_seen":"2025-09-29T03:08:26.99069Z","last_seen":"2025-09-29T03:08:26.99069Z","times_seen":1,"resource_available":true,"data":null}},"time_used":740,"timings":{"blocked":276,"dns":0,"connect":92,"send":0,"wait":98,"receive":90,"ssl":183},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"www.highperformanceformat.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/watch.691456830114.js?dev=e\u0026key=9fbad349f229acfb3ccfb3fcfacbde04\u0026kw=%5B%22%D9%85%D9%88%D9%82%D8%B9%22%2C%22%D9%83%D8%B3%D9%85%D9%87%D8%A7%22%2C%22kosmha%22%2C%22%D8%B3%D9%83%D8%B3%22%2C%22%D8%B9%D8%B1%D8%A8%D9%8A%22%5D\u0026pst=1759115352\u0026rb=\u0026refer=https%3A%2F%2Fkosmha.com%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=82ec5c0c76db3f9429d11d4a4da5519f4b7885aec42b8d881a172e1b89212dacd7f791f08b05c1b807374bddfa935b463b1bee82a2988abf5551a0d9f451b6ce23a5eafc98cfde728c6c3d013bf484c0528277756c5311045c47\u0026tz=0\u0026uuid=136922a1-7197-4a8c-a756-95f7d2ea9778%3A2%3A1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kosmha.com/","date":"2025-09-29T03:08:12.706Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 21:34:59 GMT","end":"Tue, 25 Nov 2025 21:34:58 GMT"},"fingerprint":{"sha1":"E4:24:47:01:B7:F3:A1:0B:CF:EA:36:36:30:C1:21:5D:9E:A1:7B:BE","sha256":"EE:DD:A9:31:87:F8:15:E5:A4:69:BA:E8:17:29:F1:0D:59:DC:1E:48:E2:EB:2F:1D:FE:D6:5C:C0:5F:03:5B:01"}}},"request":{"raw":"GET /watch.691456830114.js?dev=e\u0026key=9fbad349f229acfb3ccfb3fcfacbde04\u0026kw=%5B%22%D9%85%D9%88%D9%82%D8%B9%22%2C%22%D9%83%D8%B3%D9%85%D9%87%D8%A7%22%2C%22kosmha%22%2C%22%D8%B3%D9%83%D8%B3%22%2C%22%D8%B9%D8%B1%D8%A8%D9%8A%22%5D\u0026pst=1759115352\u0026rb=\u0026refer=https%3A%2F%2Fkosmha.com%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=82ec5c0c76db3f9429d11d4a4da5519f4b7885aec42b8d881a172e1b89212dacd7f791f08b05c1b807374bddfa935b463b1bee82a2988abf5551a0d9f451b6ce23a5eafc98cfde728c6c3d013bf484c0528277756c5311045c47\u0026tz=0\u0026uuid=136922a1-7197-4a8c-a756-95f7d2ea9778%3A2%3A1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://kosmha.com\r\nReferer: https://kosmha.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzQ1OTY5OCwiayI6IjlmYmFkMzQ5ZjIyOWFjZmIzY2NmYjNmY2ZhY2JkZTA0Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1MTI5MDU3LCJwaWQiOjQzMjE3LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjE2LCJhaWQiOjMyLCJwdCI6NCwicGsiOiJjNjVxODRpNCIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6Ik9CT1MgT3Blbk5ldCJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8va29zbWhhLmNvbS8iLCJhciI6W119fQ.dz9P-5h0qFqaz9csM5ty5NVvfg-HqHwuI9Q25SSkqzc\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 29 Sep 2025 03:08:12 GMT\r\nContent-Type: text/html\r\nContent-Length: 2205\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://kosmha.com\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=136922a1-7197-4a8c-a756-95f7d2ea9778:2:1; expires=Mon, 06 Oct 2025 03:08:12 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Tue, 30 Sep 2025 03:08:12 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Tue, 30 Sep 2025 03:08:12 GMT; path=/; secure; SameSite=None\npdhtkv32=true; expires=Tue, 30 Sep 2025 03:08:12 GMT; path=/; secure; SameSite=None\nuncs32=1; expires=Tue, 30 Sep 2025 03:08:12 GMT; path=/; secure; SameSite=None\nu_pl27459698=1; expires=Tue, 30 Sep 2025 03:08:12 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 71\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 7b537576ecb3e52c65269cc2170ff3d9\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":3299,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with very long lines (2423)","md5":"debc9119ddaaa915a17f80a0f8ef5bb1","sha1":"f5a1e31557cbf82cc8f93c74558d90f2ba37bea0","sha256":"6d656003c069769ee80133fe542c3ba3334a345a95bc26bc53d6bd826fa4bff6","sha512":"a18cd9b6bb157407f7abb7dabf56ac250f768372eadafb7f1e0f2f6235d3def6092f792cb5227e67f980fb50afdd87152f5541643c0cce66ada93edf171ec308","ssdeep":"","tlshash":"9e61a56d0de1a0b9610b204d5aa585543ab0d12b604cc846be6cf2426f746bd9cecee8","first_seen":"2025-09-29T03:08:26.991783Z","last_seen":"2025-09-29T03:08:26.991783Z","times_seen":1,"resource_available":false,"data":null}},"time_used":164,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":164,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xenorawebnet.com/lander-1/?clickid=d3cvg76071bc73dtk8fg\u0026domain=traffichubcontrol.com","fqdn":"xenorawebnet.com","domain":"xenorawebnet.com","tld":"com"},"ip":{"addr":"172.67.133.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-29T03:08:13.041Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xenorawebnet.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 01 Sep 2025 14:26:59 GMT","end":"Sun, 30 Nov 2025 15:26:53 GMT"},"fingerprint":{"sha1":"F4:C1:79:62:8C:23:FC:47:22:29:B1:43:F2:F4:7E:D1:2F:00:C1:15","sha256":"0E:F8:F3:16:00:B8:77:9D:53:44:21:33:42:51:53:84:80:32:15:CE:DD:DB:B5:6C:0C:2B:7C:22:10:2D:02:9E"}}},"request":{"raw":"GET /lander-1/?clickid=d3cvg76071bc73dtk8fg\u0026domain=traffichubcontrol.com HTTP/1.1\r\nHost: xenorawebnet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://kosmha.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 03:08:13 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qnuhSNT2hJshb35kITsCJLMnnssYahBfxFN%2F9kwzv3ZH6AJzpS6EtFCojHKG8VS%2BZmYKt6RyDeOyxe6Raj9rEa%2BDkqrBhcA2ERojl%2BeqQhc%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 98684656af445a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":30747,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (12424), with CRLF line terminators","md5":"959043a96cb899ba089341319593c371","sha1":"5be1ce631bbb8c5b5c2327ef8a707bc91e79156d","sha256":"dcdf77a436b4e56d11a5246a6dddbfbd66fd5011319a1ce589f27aa0e9840efd","sha512":"1e5a96255ebac10115f60582807a8ca39a57a8d533ecd9eb5bd196bcffb3cb0c2631daf5dda864ff8e0b70ce5a018cd8ace363816c09a5d92fe1559a6b3f8d4c","ssdeep":"384:MvJYzmBs5GdYiMh81wkUUzYzmBs5GdYiMh81wRwnTa8crYqaYzmBs5GdYiMh81wL:Mv7d4K19td4K1SwTa88Wd4K1YpnB6HE","tlshash":"75d29d72109bbead576a1945e0105c80fffa70eb83389d25b7cc3ae17b23880d95f864","first_seen":"2025-03-09T00:15:37.466878Z","last_seen":"2026-02-08T05:48:01.468236Z","times_seen":361,"resource_available":true,"data":null}},"time_used":419,"timings":{"blocked":179,"dns":9,"connect":2,"send":0,"wait":61,"receive":0,"ssl":167},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/opensans/v44/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://xenorawebnet.com/lander-1/?clickid=d3cvg76071bc73dtk8fg\u0026domain=traffichubcontrol.com","date":"2025-09-29T03:08:13.442Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:48 GMT","end":"Mon, 01 Dec 2025 08:36:47 GMT"},"fingerprint":{"sha1":"4A:11:37:B2:B5:3D:85:04:18:76:94:C3:99:EA:8B:77:66:51:DF:D6","sha256":"6C:B3:8A:F8:58:9F:72:87:6E:B0:CF:E0:3F:D9:AB:6D:AE:6E:E0:73:B1:A3:95:3C:30:98:D3:C4:23:73:D4:33"}}},"request":{"raw":"GET /s/opensans/v44/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://xenorawebnet.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 18640\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 24 Sep 2025 00:02:33 GMT\r\nexpires: Thu, 24 Sep 2026 00:02:33 GMT\r\ncache-control: public, max-age=31536000\r\nage: 443140\r\nlast-modified: Mon, 15 Sep 2025 16:29:38 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":18640,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 18640, version 1.0","md5":"289ab8c3689e58c84c061039efc15d3a","sha1":"9432c99c4915ea17dea97eec0bbd0f2fa6ff0943","sha256":"0e44026ad31376af1b56593cd4acb4f353f8e8789c51759e18f64578e4ef296a","sha512":"4c0ea3fe4daefcd63f7337e7a8e86d169c0f4ce3543b12a69f9980a5bb598987521138454ad4df4474a1edb0fef0c38cfd2de312cb355c9c2665ea3445586787","ssdeep":"384:UubNl0SziXg7u9lPk6A/BViMAf2zAeyrmYAUXKb+cu5E0GW6o6:dbj0S2XjRk6A+MAf2UeGIUEbM4WZ6","tlshash":"9182d1454a3d7753f235a6425daef8cac2b5d42d56978c103be2541a3dff28e33109d8","first_seen":"2025-09-17T00:02:10.421759Z","last_seen":"2026-04-03T19:27:29.806753Z","times_seen":24811,"resource_available":false,"data":null}},"time_used":170,"timings":{"blocked":76,"dns":0,"connect":16,"send":0,"wait":15,"receive":3,"ssl":59},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ngonovideo.top/logo/search.svg","fqdn":"ngonovideo.top","domain":"ngonovideo.top","tld":"top"},"ip":{"addr":"104.21.87.222","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://kosmha.com/","date":"2025-09-29T03:08:01.825Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ngonovideo.top","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 12 Aug 2025 00:03:44 GMT","end":"Mon, 10 Nov 2025 01:01:20 GMT"},"fingerprint":{"sha1":"31:FB:F6:28:B9:F0:ED:97:F3:07:7D:86:54:0E:1E:18:F0:83:44:F2","sha256":"5D:77:E5:33:95:EB:1C:87:D2:97:B6:80:B3:8A:B0:00:7A:E0:4D:7D:72:56:38:92:0F:20:DE:CB:A4:57:79:9A"}}},"request":{"raw":"GET /logo/search.svg HTTP/1.1\r\nHost: ngonovideo.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://kosmha.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 03:08:02 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 195\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Thu, 19 Jun 2025 14:40:14 GMT\r\naccept-ranges: bytes\r\ncache-control: public, max-age=31536000, must-revalidate\r\nexpires: Sat, 15 Aug 2026 04:22:38 GMT\r\nvary: Accept-Encoding,User-Agent\r\ncontent-encoding: gzip\r\nx-robots-tag: noarchive\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-frame-options: SAMEORIGIN\r\npermissions-policy: geolocation=(self), camera=(), microphone=()\r\nage: 1574070\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hhYOPMcyDIhm8HN5xdgogmG8epk4m3LwZFwxYtd9JSTskuOhgciiCXKxaKvcedSDQaM1VfcEQX7%2FrmG2YLJGe%2Bi%2Fp%2BklyXKSsoinwA%3D%3D\"}]}\r\ncf-ray: 98684610def00b06-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":283,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"26c76988e6296d379b251f7f291a2403","sha1":"33733044ff4f6b3890422ca234893c792821c91e","sha256":"11709360f1c56254c44fc0a94a6e0f12ec11e0ba52f1d0e3313c44ec63e17bb3","sha512":"b45c93c7ef81ef7fb786995a109318c8758e0e8fa50d98048afa1955cbc999b6061c39cdee512f418217cf23c5dba9f211efe48dd0b7a2a614e66882f61bd6f3","ssdeep":"","tlshash":"39d0c23d710c5c2db7128128e72a3630206b12a7dd0c1224e0212834e142d8a363f5b8","first_seen":"2025-09-29T03:08:26.99412Z","last_seen":"2025-11-25T14:49:57.251963Z","times_seen":12,"resource_available":false,"data":null}},"time_used":474,"timings":{"blocked":231,"dns":63,"connect":2,"send":0,"wait":11,"receive":0,"ssl":166},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"ngonovideo.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.googletagmanager.com/gtag/js?id=G-MDJ5LX8850","fqdn":"www.googletagmanager.com","domain":"googletagmanager.com","tld":"com"},"ip":{"addr":"142.250.178.104","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kosmha.com/","date":"2025-09-29T03:08:11.732Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google-analytics.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:34:53 GMT","end":"Mon, 01 Dec 2025 08:34:52 GMT"},"fingerprint":{"sha1":"DF:7E:8A:F9:1C:B5:DC:9E:90:E3:71:A7:92:85:2C:8F:2B:B4:42:8E","sha256":"3A:65:11:10:B9:58:2F:E1:BF:38:98:8D:2E:3E:A2:01:9D:C6:BE:69:5B:AD:F7:99:53:F9:AB:A6:6B:82:47:F1"}}},"request":{"raw":"GET /gtag/js?id=G-MDJ5LX8850 HTTP/1.1\r\nHost: www.googletagmanager.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://kosmha.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript; charset=UTF-8\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-headers: Cache-Control\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Mon, 29 Sep 2025 03:08:11 GMT\r\nexpires: Mon, 29 Sep 2025 03:08:11 GMT\r\ncache-control: private, max-age=900\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\nserver: Google Tag Manager\r\ncontent-length: 139858\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":419719,"size_decoded":0,"mime_type":"application/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (6031)","md5":"e47301cfd4a140afd77828de2e237d5a","sha1":"c68b6e08f62b98608fe9cf8e3fe0acf24f8639df","sha256":"30d6683c94ae808d91486654a2f9bbcb20edc6ea9a12bd8950931201f0e924e9","sha512":"0f910cc9c17b6748bdccbe4fa7da76036979a57fec5909080b639e142ab7ee2a282f65d778b7dbab272cb574af09c3bd3e0e6b43c3654688a6c51e9a0f9285d0","ssdeep":"6144:zBVpmM2/RNpvYqkD1g1/9G1SvuVcH9+23WBj:FXmLRYly/Lwr","tlshash":"7a9409ce73d674265396e478903f018ba5bb28a2f44cc899f189dce42d74a9a4137f7c","first_seen":"2025-09-29T03:08:26.995085Z","last_seen":"2025-09-29T03:08:26.995085Z","times_seen":1,"resource_available":true,"data":null}},"time_used":408,"timings":{"blocked":146,"dns":0,"connect":14,"send":0,"wait":47,"receive":67,"ssl":133},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pl27560162.revenuecpmgate.com/1d/28/07/1d2807df8250c84ff94a76513f0fa70e.js","fqdn":"pl27560162.revenuecpmgate.com","domain":"revenuecpmgate.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://kosmha.com/","date":"2025-09-29T03:08:11.732Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"revenuecpmgate.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 Aug 2025 10:31:51 GMT","end":"Thu, 27 Nov 2025 10:31:50 GMT"},"fingerprint":{"sha1":"9B:93:AB:0D:BE:A3:40:A9:58:BE:A3:A6:F2:18:92:29:E2:1A:7C:32","sha256":"3D:E6:EC:90:1B:27:54:04:90:26:18:BF:8B:27:48:04:F0:C5:14:27:1A:9A:E4:4E:F5:34:6A:12:D9:06:9D:41"}}},"request":{"raw":"GET /1d/28/07/1d2807df8250c84ff94a76513f0fa70e.js HTTP/1.1\r\nHost: pl27560162.revenuecpmgate.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://kosmha.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 29 Sep 2025 03:08:12 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 29936\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 11\r\nHost: pl27560162.revenuecpmgate.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 74a4b166d94abc48d28758fb887125f0\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":76287,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"cb0149ea2cf4befd86367c38f04706ca","sha1":"148a92c9ccfab2eb3490f75c3916d6420e63703e","sha256":"41ae5a8c42343a0413a13691e4d6cd29d9228c102983ab32d98bbf246e7e4057","sha512":"c01e92535a9d95faf95a231e0774f87e49d64c69ddadab4e056b29a4be7dd0ae6dcd8ccb0a2fd3d9cdd66f32242aa035e97275542b131e610c81c3757a411ce6","ssdeep":"768:cpCxicwKzukjCm/hYE4JoYC3ouzBtX2nwrHpSFXcdDqxv1l2qo0uw7T3SPGw69Xz:cppUCQ37IwT0Rcd+9keSPjulR","tlshash":"fc73fa4c3f95f1ac43a26073222f941bf12a1d51b46cf8c8d253e8bc6eb9769b536b14","first_seen":"2025-09-29T03:08:26.99651Z","last_seen":"2025-09-29T03:08:26.99651Z","times_seen":1,"resource_available":true,"data":null}},"time_used":937,"timings":{"blocked":353,"dns":28,"connect":108,"send":0,"wait":121,"receive":108,"ssl":218},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"pl27560162.revenuecpmgate.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"pl27560162.revenuecpmgate.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"pl27560162.revenuecpmgate.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"pl27560162.revenuecpmgate.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"xenorawebnet.com/favicon.ico","fqdn":"xenorawebnet.com","domain":"xenorawebnet.com","tld":"com"},"ip":{"addr":"172.67.133.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xenorawebnet.com/lander-1/?clickid=d3cvg76071bc73dtk8fg\u0026domain=traffichubcontrol.com","date":"2025-09-29T03:08:13.439Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xenorawebnet.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 01 Sep 2025 14:26:59 GMT","end":"Sun, 30 Nov 2025 15:26:53 GMT"},"fingerprint":{"sha1":"F4:C1:79:62:8C:23:FC:47:22:29:B1:43:F2:F4:7E:D1:2F:00:C1:15","sha256":"0E:F8:F3:16:00:B8:77:9D:53:44:21:33:42:51:53:84:80:32:15:CE:DD:DB:B5:6C:0C:2B:7C:22:10:2D:02:9E"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: xenorawebnet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xenorawebnet.com/lander-1/?clickid=d3cvg76071bc73dtk8fg\u0026domain=traffichubcontrol.com\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\nserver: cloudflare\r\ndate: Mon, 29 Sep 2025 03:08:13 GMT\r\ncontent-type: text/html; charset=utf-8\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EPQeYul23Wi%2FA1IR22BZ8ffHUCQpdJBpKCmCUFHHZjs4E7eYdWdoihDYkeIwetMhFRtUA4AQz0ZBOxjOB6Vn4Roy%2FSImxP6t%2FZp2B8n6ibo%3D\"}]}\r\ncf-ray: 986846580eec1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":162,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"37d5c3a24983196361e6ce9b1a499464","sha1":"2dd5878df894f3c648e42408879e9a61c112d1b3","sha256":"766c1d6bcb81d3e983fb7adbc19c616d7fc01dafb7893738edc242e2adc59c07","sha512":"cc140d1f61a01ba5f282d682dfeb19229426c7164b147a3031d3b5544c2d7213ce19b075a81d5e00750bdac7b1d9232b8b971e026d838ccae9466523338b09a9","ssdeep":"","tlshash":"eac08c6e2513bd4cc663217432c36490c08b93a7a4ea42228440805331cb2aa8ac7396","first_seen":"2023-11-07T17:46:00Z","last_seen":"2026-04-03T19:37:59.461104Z","times_seen":19641,"resource_available":true,"data":null}},"time_used":67,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":67,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Open+Sans","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xenorawebnet.com/lander-1/?clickid=d3cvg76071bc73dtk8fg\u0026domain=traffichubcontrol.com","date":"2025-09-29T03:08:13.317Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:36:49 GMT","end":"Mon, 01 Dec 2025 08:36:48 GMT"},"fingerprint":{"sha1":"9E:38:51:02:B6:22:9C:08:6B:24:B8:A0:EB:DB:60:D9:27:B2:68:90","sha256":"67:AF:7E:56:AB:8D:96:FB:D0:75:CA:28:6D:16:B6:67:FD:7F:58:6F:CC:AA:78:B5:01:13:76:2C:AB:BE:80:4E"}}},"request":{"raw":"GET /css?family=Open+Sans HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xenorawebnet.com/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Mon, 29 Sep 2025 03:08:13 GMT\r\ndate: Mon, 29 Sep 2025 03:08:13 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5973,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"52fd336aac376e54df69f73afa4d9a1e","sha1":"ff01fecffbb6ad52a66fc2464c9a06d64ac49ce4","sha256":"0493c5aeeeee76553b77f584271225f936ff2901a1838303744debf8e99728e3","sha512":"6221444a13a3adb37f5064882fa86db9f2e836e7ce90aecc12ac7345281799d902140f502e5a5b8f08d1651f217844cab59ed53e9d3f4b0e9d52d8ba4f6bd3b3","ssdeep":"96:ZOEM9JOEMWDFZ8OEMjkOEMFYOEMhOEMNy+aZjzBrWOEMzubqGIFuV4UOEMCOEMN4:w9AWjBF1INqbCbqGIwV4Rzlqx","tlshash":"25c14d900017545467471ce723cebe30ee4fa2606040d07aabfd8b9aeed6da9a37532d","first_seen":"2025-09-17T00:02:10.461951Z","last_seen":"2026-04-03T19:10:53.368978Z","times_seen":11899,"resource_available":false,"data":null}},"time_used":173,"timings":{"blocked":70,"dns":0,"connect":14,"send":0,"wait":32,"receive":0,"ssl":56},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/watch.691456830114.js?key=9fbad349f229acfb3ccfb3fcfacbde04\u0026kw=%5B%22%D9%85%D9%88%D9%82%D8%B9%22%2C%22%D9%83%D8%B3%D9%85%D9%87%D8%A7%22%2C%22kosmha%22%2C%22%D8%B3%D9%83%D8%B3%22%2C%22%D8%B9%D8%B1%D8%A8%D9%8A%22%5D\u0026refer=https%3A%2F%2Fkosmha.com%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=136922a1-7197-4a8c-a756-95f7d2ea9778%3A2%3A1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://kosmha.com/","date":"2025-09-29T03:08:12.332Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 21:34:59 GMT","end":"Tue, 25 Nov 2025 21:34:58 GMT"},"fingerprint":{"sha1":"E4:24:47:01:B7:F3:A1:0B:CF:EA:36:36:30:C1:21:5D:9E:A1:7B:BE","sha256":"EE:DD:A9:31:87:F8:15:E5:A4:69:BA:E8:17:29:F1:0D:59:DC:1E:48:E2:EB:2F:1D:FE:D6:5C:C0:5F:03:5B:01"}}},"request":{"raw":"GET /watch.691456830114.js?key=9fbad349f229acfb3ccfb3fcfacbde04\u0026kw=%5B%22%D9%85%D9%88%D9%82%D8%B9%22%2C%22%D9%83%D8%B3%D9%85%D9%87%D8%A7%22%2C%22kosmha%22%2C%22%D8%B3%D9%83%D8%B3%22%2C%22%D8%B9%D8%B1%D8%A8%D9%8A%22%5D\u0026refer=https%3A%2F%2Fkosmha.com%2F\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=136922a1-7197-4a8c-a756-95f7d2ea9778%3A2%3A1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://kosmha.com/\r\nOrigin: https://kosmha.com\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx/1.21.6\r\nDate: Mon, 29 Sep 2025 03:08:12 GMT\r\nContent-Type: text/html\r\nContent-Length: 0\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://kosmha.com\r\naccess-control-allow-credentials: true\r\nlocation: https://kettledroopingcontinuation.com/watch.691456830114.js?dev=e\u0026key=9fbad349f229acfb3ccfb3fcfacbde04\u0026kw=%5B%22%D9%85%D9%88%D9%82%D8%B9%22%2C%22%D9%83%D8%B3%D9%85%D9%87%D8%A7%22%2C%22kosmha%22%2C%22%D8%B3%D9%83%D8%B3%22%2C%22%D8%B9%D8%B1%D8%A8%D9%8A%22%5D\u0026pst=1759115352\u0026rb=\u0026refer=https%3A%2F%2Fkosmha.com%2F\u0026res=14.3095\u0026rmtc=t\u0026shu=82ec5c0c76db3f9429d11d4a4da5519f4b7885aec42b8d881a172e1b89212dacd7f791f08b05c1b807374bddfa935b463b1bee82a2988abf5551a0d9f451b6ce23a5eafc98cfde728c6c3d013bf484c0528277756c5311045c47\u0026tz=0\u0026uuid=136922a1-7197-4a8c-a756-95f7d2ea9778%3A2%3A1\r\nset-cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyNzQ1OTY5OCwiayI6IjlmYmFkMzQ5ZjIyOWFjZmIzY2NmYjNmY2ZhY2JkZTA0Iiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1MTI5MDU3LCJwaWQiOjQzMjE3LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjE2LCJhaWQiOjMyLCJwdCI6NCwicGsiOiJjNjVxODRpNCIsInQiOjF9LCJ1Ijp7InUiOjEsImF1IjoxLCJkIjp7ImlkIjoyNjY1NjExMTUsImlkcyI6IiIsImljIjpmYWxzZSwibiI6IkRlc2t0b3AsRW11bGF0b3IiLCJ2IjoiVW5rbm93biIsIm0iOiJVbmtub3duIiwiZiI6MSwiZm4iOiJEZXNrdG9wIiwib2lkIjozODkxNCwib24iOiJXaW5kb3dzIiwib3YiOiIxMC4wIiwiYmlkIjoxMzY5MjUsImJuIjoiRmlyZWZveCIsImJ2IjoiMTM0LjAiLCJ3diI6ZmFsc2UsImUiOnRydWUsImFiIjpmYWxzZX0sImMiOnsiaWQiOjE2MiwiYyI6Ik5PIiwibiI6Ik5vcndheSJ9LCJhIjpmYWxzZSwiY3IiOnsibiI6Ik9CT1MgT3Blbk5ldCJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJ1cCI6dHJ1ZSwiciI6Imh0dHBzOi8va29zbWhhLmNvbS8iLCJhciI6W119fQ.dz9P-5h0qFqaz9csM5ty5NVvfg-HqHwuI9Q25SSkqzc; expires=Mon, 29 Sep 2025 03:09:12 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 2\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 18caa5d2d80d9e422ce099fd72f7da3d\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":3299,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T19:31:03.603551Z","times_seen":13300818,"resource_available":true,"data":null}},"time_used":645,"timings":{"blocked":275,"dns":0,"connect":91,"send":0,"wait":95,"receive":0,"ssl":183},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-29","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-09-28","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"traffichubcontrol.com/index?cid=4056b02849f50f355f10\u0026extclickid=59a66c9f698da859859f12cfc14e9a31\u0026t1=27459698\u0026t2=3489801\u0026type=default\u0026publisher=43217\u0026advertiser=695339\u0026campaign_id=1296744\u0026zoneid=5129057\u0026category=Adult\u0026cost=0.200000","fqdn":"traffichubcontrol.com","domain":"traffichubcontrol.com","tld":"com"},"ip":{"addr":"168.119.149.123","port":443,"asn":24940,"as":"Hetzner Online GmbH","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-29T03:08:12.887Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"traffichubcontrol.com","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 15:46:59 GMT","end":"Tue, 25 Nov 2025 15:46:58 GMT"},"fingerprint":{"sha1":"0E:13:A3:6B:ED:BF:FD:CA:FE:54:46:11:83:86:64:DC:1E:81:92:7F","sha256":"89:4E:EB:53:45:8C:E2:BD:C0:42:1C:72:31:CA:46:D9:7C:08:AE:70:C8:93:B5:E4:34:10:86:53:3D:CC:7F:0D"}}},"request":{"raw":"GET /index?cid=4056b02849f50f355f10\u0026extclickid=59a66c9f698da859859f12cfc14e9a31\u0026t1=27459698\u0026t2=3489801\u0026type=default\u0026publisher=43217\u0026advertiser=695339\u0026campaign_id=1296744\u0026zoneid=5129057\u0026category=Adult\u0026cost=0.200000 HTTP/1.1\r\nHost: traffichubcontrol.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://kosmha.com/\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 307 Temporary Redirect\r\ndate: Mon, 29 Sep 2025 03:08:13 GMT\r\nlocation: https://xenorawebnet.com/lander-1/?clickid=d3cvg76071bc73dtk8fg\u0026domain=traffichubcontrol.com\r\nset-cookie: uclick=nLuMxw9eOI8137XwaWCY4KwceeMnQghyGSsG2iZJ3ndUqzUBoeRO+Lqcxtf25bMDdPgaGx6C1g==; Max-Age=31536000; SameSite=Lax\nbcid=d3cvg76071bc73dtk8fg; Max-Age=31536000; SameSite=Lax\r\nvia: 1.1 Caddy\r\nx-request-id: c4c43f7b-dd27-4def-ae65-8476f9ff382a\r\ncontent-length: 0\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":null,"data":{"size":30747,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T19:31:03.603551Z","times_seen":13300818,"resource_available":true,"data":null}},"time_used":238,"timings":{"blocked":85,"dns":7,"connect":37,"send":0,"wait":67,"receive":0,"ssl":40},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kosmha.com/","fqdn":"kosmha.com","domain":"kosmha.com","tld":"com"},"ip":{"addr":"104.21.88.184","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-29T03:08:01.473Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"kosmha.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 03 Aug 2025 05:10:08 GMT","end":"Sat, 01 Nov 2025 06:08:57 GMT"},"fingerprint":{"sha1":"1D:1C:47:FC:97:91:5B:1F:2F:23:C2:07:AB:24:75:27:2A:4D:04:7A","sha256":"F6:CB:03:23:E0:4C:45:EB:6F:21:87:BE:D1:CB:E9:C3:62:3D:A9:29:71:97:15:0F:20:35:8F:FD:FA:29:35:2D"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: kosmha.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 03:08:01 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\nvary: Cookie,Accept-Encoding,User-Agent\r\nlast-modified: Mon, 29 Sep 2025 02:00:23 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: public, max-age=7200, must-revalidate\r\nexpires: Mon, 29 Sep 2025 04:00:23 GMT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=BiSOHU42OAI4iU1TAWBH08F%2F8cJab7I3%2Fpqn3O9hKQ2DDQ3I4edsR%2BEy8JVlkgx3A9P8dzTsCJ6qS3eRLjpbil%2Fqt2qCQGS2tgo%3D\"}]}\r\nx-robots-tag: noarchive\r\nx-xss-protection: 1; mode=block\r\nx-content-type-options: nosniff\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-frame-options: SAMEORIGIN\r\npermissions-policy: geolocation=(self), camera=(), microphone=()\r\ncf-cache-status: HIT\r\ncontent-encoding: br\r\ncf-ray: 9868460eccec0daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":13996,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (13158), with no line terminators","md5":"e07214a6b6399c9b439ec525344914da","sha1":"e32e3427273130fe092b781eb527e6b9765cc6ee","sha256":"92609e60e3f4ea85768438e9947052c01b4f6460a6c271c0af67b6b5eacbf377","sha512":"2a4008f9b8515dc5a4a280d2fcd81c40be49c56939450c6a1020c88f9e30d8f606aaabbd77e2c75cad39424e9dc1efe00565eb012de17d1e5337fe71f5cc02f4","ssdeep":"192:zslSG6I6+PlKLvwDd9MgnTSF7xJfQBGCUmmBv7U25u4AkMPaaqvL:zsl7MsKlF7wACUJFoGwO","tlshash":"0c52847a4a8c8077552bdece73d42f0ce5a395b6ea171c44256c3df18fcbdd28628a81","first_seen":"2025-09-29T03:08:26.998776Z","last_seen":"2025-09-29T03:08:26.998776Z","times_seen":1,"resource_available":false,"data":null}},"time_used":563,"timings":{"blocked":255,"dns":0,"connect":1,"send":0,"wait":53,"receive":0,"ssl":253},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xenorawebnet.com/lander-1/index.css","fqdn":"xenorawebnet.com","domain":"xenorawebnet.com","tld":"com"},"ip":{"addr":"172.67.133.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://xenorawebnet.com/lander-1/?clickid=d3cvg76071bc73dtk8fg\u0026domain=traffichubcontrol.com","date":"2025-09-29T03:08:13.317Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xenorawebnet.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 01 Sep 2025 14:26:59 GMT","end":"Sun, 30 Nov 2025 15:26:53 GMT"},"fingerprint":{"sha1":"F4:C1:79:62:8C:23:FC:47:22:29:B1:43:F2:F4:7E:D1:2F:00:C1:15","sha256":"0E:F8:F3:16:00:B8:77:9D:53:44:21:33:42:51:53:84:80:32:15:CE:DD:DB:B5:6C:0C:2B:7C:22:10:2D:02:9E"}}},"request":{"raw":"GET /lander-1/index.css HTTP/1.1\r\nHost: xenorawebnet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xenorawebnet.com/lander-1/?clickid=d3cvg76071bc73dtk8fg\u0026domain=traffichubcontrol.com\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 29 Sep 2025 03:08:13 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Fri, 21 Feb 2025 18:19:07 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\netag: W/\"67b8c39b-b71\"\r\nexpires: Thu, 02 Oct 2025 09:24:47 GMT\r\ncache-control: max-age=604800\r\ncontent-encoding: gzip\r\nage: 319247\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nutZKM%2F9hCGRQ7tsg7aCgGBMHW2UC3Jk4vUyXNS9O1rqZFAlUbZ8O0RjrO8VpqhqlqfauDMEOnkEAyanB1RfEH3Xb4xKRCcXLEYipYQOwtw%3D\"}]}\r\ncf-ray: 986846573fa55a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2929,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"274af055b611da24310bc0d48bade003","sha1":"4bc782b260606f30f01e8051397007201e583e73","sha256":"850e209b45b9624d588ddf56e3496de39a4532dcc6bbb72373ed44aa619e5c85","sha512":"c18b62b82fc5ab03e363803e8ff6d4f9186132c0506abcb300ecc428f1e0a30b94c3d91a2bdd0f3222bf5d6395975a160bd0e35254f6241258421dbc5d6be97b","ssdeep":"","tlshash":"1e5131910af52518f106e1ba29fb6128a3a944c2a34fdd57f6d1351cff9c3b10873a91","first_seen":"2025-04-14T08:55:06.856404Z","last_seen":"2026-02-19T19:48:45.99283Z","times_seen":339,"resource_available":false,"data":null}},"time_used":6,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"xenorawebnet.com/lander-1/assets/default_100_percent/100-error-offline.png","fqdn":"xenorawebnet.com","domain":"xenorawebnet.com","tld":"com"},"ip":{"addr":"172.67.133.174","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://xenorawebnet.com/lander-1/?clickid=d3cvg76071bc73dtk8fg\u0026domain=traffichubcontrol.com","date":"2025-09-29T03:08:13.441Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"xenorawebnet.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 01 Sep 2025 14:26:59 GMT","end":"Sun, 30 Nov 2025 15:26:53 GMT"},"fingerprint":{"sha1":"F4:C1:79:62:8C:23:FC:47:22:29:B1:43:F2:F4:7E:D1:2F:00:C1:15","sha256":"0E:F8:F3:16:00:B8:77:9D:53:44:21:33:42:51:53:84:80:32:15:CE:DD:DB:B5:6C:0C:2B:7C:22:10:2D:02:9E"}}},"request":{"raw":"GET /lander-1/assets/default_100_percent/100-error-offline.png HTTP/1.1\r\nHost: xenorawebnet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://xenorawebnet.com/lander-1/index.css\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Mon, 29 Sep 2025 03:08:13 GMT\r\ncontent-type: image/png\r\ncontent-length: 196\r\nlast-modified: Fri, 21 Feb 2025 18:19:05 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"67b8c399-c4\"\r\nexpires: Thu, 02 Oct 2025 09:26:23 GMT\r\ncache-control: max-age=604800\r\naccept-ranges: bytes\r\nage: 319115\r\ncf-cache-status: HIT\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vdV54qA4MIhE4%2BoH1hpl7WuNqnFzrgsI770Q%2FeXnnSwKu3Mqpn3%2BSqBhhbeBPadSX8W9b5v1kmloho4IAfHDo9J9qWbZp2paHSZ3gEMYr5c%3D\"}]}\r\nvary: accept-encoding\r\ncf-ray: 986846580eed1525-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":196,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 72 x 72, 1-bit colormap, non-interlaced","md5":"603727db1b706260019aa950dcf5fcd9","sha1":"82fb32413af0a3d30db040e16cf67435a8d2542b","sha256":"0d26708e4a360173db7a6a5e82ec2b5b95631feb886a76b343dbae951ece8565","sha512":"99f82c174dd64343d9021a3e70e903cfa28a19956c11d0a196b1daa134b7999d485b38ea4e009079ad80cf4f79c62cef511fe27dcdef3b715152c64b16407bbe","ssdeep":"","tlshash":"60d023e747125c248054cf1135945011cf742de8b6844d26221dc4fb2f111d8c6c4d16","first_seen":"2024-11-14T00:43:58.056169Z","last_seen":"2026-02-08T05:48:01.467125Z","times_seen":367,"resource_available":false,"data":null}},"time_used":13,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":13,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}