{"report_id":"688cf5f9-cc4e-4f98-932b-e1d668d27c33","version":6,"status":"done","tags":[],"date":"2025-08-31T04:09:26Z","url":{"schema":"http","addr":"arxnxxxxxxhd.beauty/","fqdn":"arxnxxxxxxhd.beauty","domain":"arxnxxxxxxhd.beauty","tld":"beauty"},"ip":{"addr":"104.21.73.196","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"arxnxxxxxxhd.beauty/","fqdn":"arxnxxxxxxhd.beauty","domain":"arxnxxxxxxhd.beauty","tld":"beauty"},"title":"XNXX - XXNX - فيديوهات إباية مجانية - ARXNXXXHD"},"submit":{"url":{"schema":"http","addr":"arxnxxxxxxhd.beauty/","fqdn":"arxnxxxxxxhd.beauty","domain":"arxnxxxxxxhd.beauty","tld":"beauty"},"ip":{"addr":"104.21.73.196","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-05T04:09:26Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-31","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-31","alert":"Sinkholed","trigger":"sixdespise.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-30","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-31","alert":"Sinkholed","trigger":"frozenassumption.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-31","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"professionaltrafficmonitor.com","ip":{"addr":"3.78.68.13","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2025-01-23","domain_rank":16376,"first_seen":"2025-01-25T08:56:07.448138Z","last_seen":"2025-08-29T14:53:30.388188Z","alert_count":0,"request_count":4,"received_data":1464,"sent_data":1960,"comment":"","tags":null,"fingerprints":null},{"fqdn":"preferencenail.com","ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":20606,"first_seen":"2025-07-08T12:55:47.271261Z","last_seen":"2025-08-26T21:51:48.445996Z","alert_count":2,"request_count":2,"received_data":171926,"sent_data":834,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cdn.show-sb.com","ip":{"addr":"104.21.95.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-08-20","domain_rank":187612,"first_seen":"2024-08-31T03:46:04Z","last_seen":"2025-08-30T13:30:47.444946Z","alert_count":0,"request_count":1,"received_data":1921,"sent_data":504,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"arxnxxxxxxhd.beauty","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":20,"received_data":334805,"sent_data":10696,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}]},{"fqdn":"cdn.storageimagedisplay.com","ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2024-09-13","domain_rank":170153,"first_seen":"2024-09-13T12:56:32Z","last_seen":"2025-08-29T06:56:05.274955Z","alert_count":0,"request_count":1,"received_data":6771,"sent_data":482,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"sixdespise.com","ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"domain_registered":"2025-06-30","domain_rank":183727,"first_seen":"2025-07-05T14:50:58.287981Z","last_seen":"2025-08-28T01:28:23.527773Z","alert_count":6,"request_count":6,"received_data":190284,"sent_data":5768,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"skinnycrawlinglax.com","ip":{"addr":"192.243.61.227","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"domain_registered":"2024-09-01","domain_rank":38609,"first_seen":"2025-07-09T22:28:05.771371Z","last_seen":"2025-08-28T00:53:33.505682Z","alert_count":5,"request_count":5,"received_data":2490,"sent_data":2830,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"creative-sb1.com","ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-07-01","domain_rank":22211,"first_seen":"2025-08-08T09:32:32.509707Z","last_seen":"2025-08-29T11:41:00.632906Z","alert_count":0,"request_count":4,"received_data":91109,"sent_data":1946,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"frozenassumption.com","ip":{"addr":"88.85.69.211","port":443,"asn":35415,"as":"Webzilla B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-08-07","domain_rank":0,"first_seen":"2025-08-13T10:28:55.509238Z","last_seen":"2025-08-28T01:28:23.641505Z","alert_count":2,"request_count":2,"received_data":40046,"sent_data":1101,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-08-27T15:11:05.791298Z","alert_count":0,"request_count":2,"received_data":81926,"sent_data":1108,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-08-27T15:14:26.687687Z","alert_count":0,"request_count":1,"received_data":17441,"sent_data":430,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"www.agonizingfollowing.pro","ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2025-08-27T14:41:40.318537Z","last_seen":"2025-08-27T14:41:40.318537Z","alert_count":0,"request_count":2,"received_data":208230,"sent_data":941,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"flushpersist.com","ip":{"addr":"192.243.59.20","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"domain_registered":"2025-07-01","domain_rank":23810,"first_seen":"2025-07-08T10:43:12.76905Z","last_seen":"2025-08-26T21:51:48.43432Z","alert_count":0,"request_count":2,"received_data":992,"sent_data":1540,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"weirdopt.com","ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":37519,"first_seen":"2025-07-08T12:55:47.272157Z","last_seen":"2025-08-27T05:03:54.731092Z","alert_count":1,"request_count":1,"received_data":377,"sent_data":422,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"badlandlispyippee.com","ip":{"addr":"94.242.247.35","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"domain_registered":"2025-03-12","domain_rank":83185,"first_seen":"2025-03-17T06:25:13.242654Z","last_seen":"2025-08-23T10:34:53.635478Z","alert_count":0,"request_count":4,"received_data":155352,"sent_data":2805,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"arxnxxxxxxhd.beauty/","fqdn":"arxnxxxxxxhd.beauty","domain":"arxnxxxxxxhd.beauty","tld":"beauty"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"be6d1b21a81405ff83b01c59c3e754e9","sha1":"03295e2584d967466ecad213bf1c16d1128f1ecc","sha256":"acaf6b35065b6e7c29aa33ac388b3f04ed4cd77394eec8f32939eea15985a578","sha512":"4e594ab43f2b69f8233c3d4b8cfcaec015166b7e0a72b8f6be96c8f2ea1480bfcee09b0a749a4bdec717fed2fb41cec0808f910f9428c1e885460e0c39bce077","ssdeep":"","tlshash":"48e0c06c5cd92f3442ab2037a13cc6497040602128b37461901ce00f7754ff88c86bbe","size":369,"data":"","first_seen":"2025-08-23T10:34:58.857725Z","last_seen":"2025-09-03T17:42:49.336028Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"arxnxxxxxxhd.beauty/","fqdn":"arxnxxxxxxhd.beauty","domain":"arxnxxxxxxhd.beauty","tld":"beauty"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"eventHandler","is_inline":false,"md5":"95149c90b832dede040ac5fad08e3c94","sha1":"1f71428be81bc75facb8551face5f7a4f4ee4276","sha256":"03b913ecce3c02e0cfb0b4aefcd6f89c24c49810591d79ee5b798837c0544395","sha512":"81e168c16aaf6005ec2bb025bff3c899c543f0131a8e9907f783dd36b9b8c61d727e951ce792e5c91941094a766d425775e5438025b31cc0eda5201291da51c0","ssdeep":"","tlshash":"4a50003c0000000000003c000000030000000000000000000000000c00000c00033000","size":9,"data":"","first_seen":"2025-08-07T07:37:53.694859Z","last_seen":"2025-09-03T17:42:49.33979Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85386,"data":"","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.agonizingfollowing.pro/ecc874/76933aaeb4e4.js","fqdn":"www.agonizingfollowing.pro","domain":"agonizingfollowing.pro","tld":"pro"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"6293d815538c521cd012122a8aeef7cf","sha1":"a34effed6f46c76f1b59d20067f9b36a6985701c","sha256":"59d93166156c99afef2344f4883377144608b6c996b9b0a16856a0018efd60f1","sha512":"f22f4706029b2dc11b1b623660299e71714d3a7b576a0f884d3f46a3951a77e5e17aec315a76a1b9fbf612cea95e75d66ef6c0b74307091aa90b12e7e1fd07d1","ssdeep":"1536:rM+iZ3YOYuyx6PUQwRxcs8P3nhkQ8vL7T7Q6eGozzwVEnHzHRbPvz:OijxEQq3P5Enne9zkWHLR","tlshash":"82a33461350b64fd2ad0c1e7eb6720886c295810e469cca1ecd1e7c7d6eb8e3429b5f7","size":103684,"data":"","first_seen":"2025-08-27T09:40:31.125157Z","last_seen":"2025-09-03T07:51:18.083389Z","times_seen":171,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sixdespise.com/35/1f/09/351f09f8163e80240a1747fd798e8282.js","fqdn":"sixdespise.com","domain":"sixdespise.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"introduction_type":"scriptElement","is_inline":false,"md5":"c0c9d36ea8f0abc7651f8e5a2f3fd799","sha1":"45a536ec3e2dc110851495955bea65f00ff3ac6d","sha256":"305cf1b0bdd018e912aecfdd86be27320a21b07a16f6188659e9219a33e58d7b","sha512":"47944ca295b0b64bdd2f8f41349cefd4f64265a757f6f5c55b0a782db348ade38607d0328193cb3e2c52758f3a14e87669a0af226df17acad3b64ad3dbbe241d","ssdeep":"1536:cmt7BMZUs9piv3i6In8noteGF1XF35WxYT6EhI:ckdv3i6C8notJZFpWk4","tlshash":"e2a3e9887f50f47d02da6036233f962ae1ee4e42154ee158d026fde53a68317e63ddb8","size":105676,"data":"","first_seen":"2025-08-31T04:09:32.436599Z","last_seen":"2025-08-31T04:09:32.436599Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"frozenassumption.com/bMXgV.s-dwGFlf0HYNWXcD/Oebmc9duiZnUjlakfP-T/YIyiMazSU/0/NXDeMntJNyjPITzMNKT/Qc0yNiAH","fqdn":"frozenassumption.com","domain":"frozenassumption.com","tld":"com"},"ip":{"addr":"88.85.69.211","port":443,"asn":35415,"as":"Webzilla B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"224a56f7260d2ba3bbc0bad005b278c6","sha1":"e46e254aaaf1282df1b46ef3225a82dc6db011ff","sha256":"9fa5ad354c1085bf0439df5f8d8ea766190493665903308b5b42c8345ede1402","sha512":"d53b5b22cca0219d9b1baece165994e315c6da99197a077d80ea1868da97fc43471f0de704f046d973baad10a298555278f497e6fe8e1988a43393fa18d1b1c6","ssdeep":"768:QZhdZg7J02MCfTF9dFaQpp8JY29c6SboEBkleZ2YoOcLh6YPTgLg0oDEiG82ImLH:QZ1g7JQCqQpp8Jr9c6SboEBkleZ2qcLU","tlshash":"3a03b7c8b1c3642642eb507d713b7208b23a54655429b028bc79c8e4fc79e9f8577bbd","size":38708,"data":"","first_seen":"2025-08-31T04:09:32.409355Z","last_seen":"2025-08-31T04:09:32.409355Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"badlandlispyippee.com/get/2057407?id=2057407\u0026jp=_clmipbiihszdvsouimujba\u0026dr=49\u0026cuaa=2\u0026nojs=0\u0026bavar=0\u0026febuild=1.0.578-st\u0026t=0\u0026wcks=1\u0026wgl=1\u0026cnvs=1\u0026os=0\u0026tz=UTC\u0026ss=1\u0026ls=1\u0026bb=0\u0026cti=0\u0026fn=3\u0026es=13\u0026ge=2\u0026th=P-jWTT3vk\u0026plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF\u0026lang=en-US\u0026pf=Win32\u0026cd=24\u0026vcv=Mesa\u0026vcn=llvmpipe\u0026ix=0\u0026x=1280\u0026y=1024\u0026md=0\u0026psu=bLFEUIqaHR0cHM6Ly9hcnhueHh4eHh4aGQuYmVhdXR5Lw\u0026afid=2929871179234816\u0026eclog=0\u0026snc=0\u0026ssc=1\u0026vp=0\u0026dto=2\u0026im=1\u0026noch=1\u0026cs=5\u0026uf=0","fqdn":"badlandlispyippee.com","domain":"badlandlispyippee.com","tld":"com"},"ip":{"addr":"94.242.247.35","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"introduction_type":"scriptElement","is_inline":false,"md5":"21e5bd1d7bae6e586d8dfc11e75f7a33","sha1":"df1c8b1828a99d17ec8019ea30e91c70d54aa557","sha256":"3e5e6ab586eba4cb3de2da1b15c86a60c5985fd9d0566d482ccb2d81db27ed76","sha512":"ed8caeceb8ef2f2fb2cd8be739cf1c9191113f43fbc41f6adf5bc23cd29caa3408ee2aa0f149f3975fe9c2f364e3be2f66f2b8a9116963a138deb63180d43ceb","ssdeep":"","tlshash":"706184e5840bc9d09089e8cfb63e0f38b0405bd560b79a155d68deee66110fcebb3951","size":3389,"data":"","first_seen":"2025-08-31T04:09:32.423791Z","last_seen":"2025-08-31T04:09:32.423791Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"2b89374a8d68098c1ed122d75a9d7676","sha1":"35d01c79f50928fa9182973e67955820a721b676","sha256":"c18843bc0ecebe9b9b4a21126dbb44eec162056ab6d078c9b2c9e5a44bcbabc1","sha512":"55cf2303fe56b38db2743486c160fb859881cedab154293ad4b6afa852a057ef98138e9b3518e6a29745ff524898d87c73d04a8a2be03d901136c489bf894360","ssdeep":"","tlshash":"70017028b83417380293b62b5167678f1439214bd004415fb0165aa62ee3f9662a1ba5","size":659,"data":"","first_seen":"2025-08-28T23:04:51.392783Z","last_seen":"2025-08-31T04:09:32.44232Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sixdespise.com/06/e7/77/06e777928c158d50c569544daf7510b7.js","fqdn":"sixdespise.com","domain":"sixdespise.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"introduction_type":"scriptElement","is_inline":false,"md5":"fe4542dbe2ea67edf66c1def6d235ebd","sha1":"e91739cd30417b70c5a2c43e28050950a6590ed3","sha256":"7fed29cfc85bd35dbe8ac20f2da05a7e5f4079c13c6037f3a47bee22ba2d0cde","sha512":"5415fe6430f1f8cbf0dfc79f4b0cae48e5cd5138bd6741f66bc620cc9abd8f042d5746cf93a0ff427defe6953b3db7562baf0efea4176126dbba24c84a106592","ssdeep":"768:Y2WfYsmKjjqw648+QhS8u+Jcj/XcdNjN3mOdY08kUbTehzbcepw6f:Y2Wf7Q4x5O+jvc7dY0U3fE","tlshash":"1263c7483f51b27802e6b8fa712fa61af0265c1195d8e0d8f503f4deae66719f036f25","size":72570,"data":"","first_seen":"2025-08-28T23:04:51.330105Z","last_seen":"2025-08-31T04:09:32.421397Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"arxnxxxxxxhd.beauty/","fqdn":"arxnxxxxxxhd.beauty","domain":"arxnxxxxxxhd.beauty","tld":"beauty"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"5a1c40adc197e68e25f42a82806b0a8e","sha1":"b425133cbe6abc9b7ce032f576fba0d0566ce4c0","sha256":"2297f2b2ff57675063de2011ff58e847546cd4da89a5a71aaa81dae2d8961cb7","sha512":"170c62b409be4fb43fd85f6865c597f2b9a67c27fe0a6ece2d9e1a639cda08ac62e1b7ab309281966fd386be54ddc1821e86d07b66996bf7b417e27e5f7e07bb","ssdeep":"","tlshash":"0cf00e943ce884248373002927bb9148b43969292c0aed14fd4c84812f99ea808bb90c","size":514,"data":"","first_seen":"2025-05-26T19:54:13.962906Z","last_seen":"2026-02-01T06:42:59.147592Z","times_seen":35,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"badlandlispyippee.com/on.js","fqdn":"badlandlispyippee.com","domain":"badlandlispyippee.com","tld":"com"},"ip":{"addr":"94.242.247.35","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"introduction_type":"scriptElement","is_inline":false,"md5":"960f1e798dcf161a95d1db699db159e0","sha1":"51f58bb6d133cfc7522a48c23fa29549b7f69802","sha256":"ef27880b140f45e3f756e6958d55d440f871cc8a743a6bb6ebb63f22eef31609","sha512":"1c93eaf57da5b39bf33dace37c355a73a23007e6367c01c1a8159a69e66a21bc0350bba3d0e1bc53ccbf65e10829b49cea7e85f83c85a0d93ae60c32e858a95c","ssdeep":"1536:zOzlCoIBDv2giJjLnCwsoRoBX1q1BLN5JqgXR87uiKNsjPAGoJMSKxWOiiyiPXRU:zagTW3xqALEQRX2SKxNiSR1G","tlshash":"6ce3b58c798a3eb64253a4a90c7fb507b6355cd5e0ff00849866c3d46cfb60ed227ab5","size":147490,"data":"","first_seen":"2025-08-28T15:12:06.503912Z","last_seen":"2025-09-01T05:48:29.588991Z","times_seen":60,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85386,"data":"","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"arxnxxxxxxhd.beauty/","fqdn":"arxnxxxxxxhd.beauty","domain":"arxnxxxxxxhd.beauty","tld":"beauty"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"f4d0c7940835004e93cbfc4ee1998a55","sha1":"7fd4f08047f7d73827ce2b9fde31a5902cd9aa2d","sha256":"4a88cb05ac2ff6fb03f4c40e8f538890f81ba6d2b2fe13500397b97b2c183b79","sha512":"61411a2b75fae3d2aa493494a098933d5c1f2da9a5296637d559e954cc6116f22d21d983259a0b26fb36e91f1bc2db0f603fade9a42f57e60c0280dfb9fe67b3","ssdeep":"192:649F7gFbaW6cMI9eHLOxA7vayDHySf9KexVgHL9TIb:6wg/rdeHWwvayvf5xVgS","tlshash":"bdf10af93296fd9543a88cd6e0bf5570f4299a483109d858f56cec8b3839981d1b3f39","size":7591,"data":"","first_seen":"2025-08-07T07:37:53.702621Z","last_seen":"2025-09-03T17:42:49.337953Z","times_seen":6,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"badlandlispyippee.com/solid.gif?z=2057407\u0026nojs=0\u0026bavar=0\u0026febuild=1.0.578-st\u0026t=0\u0026wcks=1\u0026wgl=1\u0026cnvs=1\u0026os=0\u0026tz=UTC\u0026ss=1\u0026ls=1\u0026bb=0\u0026cti=0\u0026fn=3\u0026es=13\u0026ge=2\u0026th=P-jWTT3vk\u0026plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF\u0026lang=en-US\u0026pf=Win32\u0026cd=24\u0026vcv=Mesa\u0026vcn=llvmpipe\u0026ix=0\u0026x=1280\u0026y=1024\u0026md=0\u0026psu=bLFEUIqaHR0cHM6Ly9hcnhueHh4eHh4aGQuYmVhdXR5Lw\u0026afid=2929871179234816\u0026eclog=0\u0026snc=0\u0026ssc=1\u0026vp=0\u0026dto=2\u0026im=1\u0026noch=1\u0026cs=5","fqdn":"badlandlispyippee.com","domain":"badlandlispyippee.com","tld":"com"},"ip":{"addr":"94.242.247.35","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:04.232Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"badlandlispyippee.com","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Sat, 09 Aug 2025 14:34:15 GMT","end":"Fri, 07 Nov 2025 14:34:14 GMT"},"fingerprint":{"sha1":"DF:E4:30:5E:8F:8F:0C:5A:39:BE:D0:DB:C9:EC:3F:3A:32:2D:2B:A2","sha256":"12:B3:44:4D:46:2F:A0:BD:8E:7F:F5:DA:05:A3:36:B0:FA:31:03:4C:78:0B:E4:4C:15:45:32:53:04:4F:11:23"}}},"request":{"raw":"POST /solid.gif?z=2057407\u0026nojs=0\u0026bavar=0\u0026febuild=1.0.578-st\u0026t=0\u0026wcks=1\u0026wgl=1\u0026cnvs=1\u0026os=0\u0026tz=UTC\u0026ss=1\u0026ls=1\u0026bb=0\u0026cti=0\u0026fn=3\u0026es=13\u0026ge=2\u0026th=P-jWTT3vk\u0026plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF\u0026lang=en-US\u0026pf=Win32\u0026cd=24\u0026vcv=Mesa\u0026vcn=llvmpipe\u0026ix=0\u0026x=1280\u0026y=1024\u0026md=0\u0026psu=bLFEUIqaHR0cHM6Ly9hcnhueHh4eHh4aGQuYmVhdXR5Lw\u0026afid=2929871179234816\u0026eclog=0\u0026snc=0\u0026ssc=1\u0026vp=0\u0026dto=2\u0026im=1\u0026noch=1\u0026cs=5 HTTP/1.1\r\nHost: badlandlispyippee.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://arxnxxxxxxhd.beauty\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nCookie: cart=1; cart_p=2\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 31 Aug 2025 04:09:04 GMT\r\ncontent-type: image/gif\r\ncontent-length: 43\r\nx-route-id: stats.tag.loaded\r\nset-cookie: CHCK=1; Path=/; Expires=Sun, 04 Oct 2026 04:09:04 GMT; Secure; SameSite=None\nPTS=; Path=/; Expires=Sun, 04 Oct 2026 04:09:04 GMT; Secure; SameSite=None\nUID=250830230957ee300fbb6d425dbd5bfbfc70; Path=/; Expires=Sun, 04 Oct 2026 04:09:04 GMT; Secure; SameSite=None\r\ntiming-allow-origin: *\r\naccept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":43,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 1 x 1","md5":"28e463819a210071de3b45ebe7633613","sha1":"6dccd571828ec0912629119cf7eabfea9f33ddbc","sha256":"44251f61629e2bfeead421241a917f43ad047af351659f01cd8fd937f0417f84","sha512":"8a82ac5a7883cd9b74bdb561cf825ce86474e259ad8c445e538d697b0003e3f2b1d6edcd3dc6512f4ad16e9074da204a79938257c457ecf68f4329eac0182e67","ssdeep":"","tlshash":"04900003e280e082c3a0c0300e0ccb802b88a2308a28030fb0fc2baefc3a3a20c23000","first_seen":"2023-04-05T09:26:54Z","last_seen":"2026-05-31T16:47:01.291741Z","times_seen":22084,"resource_available":true,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.agonizingfollowing.pro/ecc874/76933aaeb4e4.js","fqdn":"www.agonizingfollowing.pro","domain":"agonizingfollowing.pro","tld":"pro"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:04.140Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.agonizingfollowing.pro","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 07:03:15 GMT","end":"Tue, 25 Nov 2025 07:03:14 GMT"},"fingerprint":{"sha1":"66:D3:A7:75:CD:3D:AA:D7:D1:E8:78:41:D5:E7:F4:3A:6E:58:34:49","sha256":"4E:E3:8D:86:49:E2:51:5B:3B:6C:5D:84:FC:56:5D:AF:6C:05:F8:1C:17:0E:1B:3D:6F:5C:F1:17:4E:EF:89:B6"}}},"request":{"raw":"GET /ecc874/76933aaeb4e4.js HTTP/1.1\r\nHost: www.agonizingfollowing.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 31 Aug 2025 04:09:04 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: nginx\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET\r\naccess-control-allow-headers: Content-Type\r\ncache-control: max-age=172800\r\ncontent-encoding: gzip\r\nexpires: Tue, 02 Sep 2025 04:09:04 GMT\r\nx-cdn-host-id: ah0543\r\nx-proxy-cache: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":103684,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65533), with no line terminators","md5":"6293d815538c521cd012122a8aeef7cf","sha1":"a34effed6f46c76f1b59d20067f9b36a6985701c","sha256":"59d93166156c99afef2344f4883377144608b6c996b9b0a16856a0018efd60f1","sha512":"f22f4706029b2dc11b1b623660299e71714d3a7b576a0f884d3f46a3951a77e5e17aec315a76a1b9fbf612cea95e75d66ef6c0b74307091aa90b12e7e1fd07d1","ssdeep":"1536:rM+iZ3YOYuyx6PUQwRxcs8P3nhkQ8vL7T7Q6eGozzwVEnHzHRbPvz:OijxEQq3P5Enne9zkWHLR","tlshash":"82a33461350b64fd2ad0c1e7eb6720886c295810e469cca1ecd1e7c7d6eb8e3429b5f7","first_seen":"2025-08-27T09:40:31.125157Z","last_seen":"2025-09-03T07:51:18.083389Z","times_seen":171,"resource_available":true,"data":null}},"time_used":165,"timings":{"blocked":71,"dns":26,"connect":21,"send":0,"wait":19,"receive":0,"ssl":26},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flushpersist.com/pxf.gif?uuid=fed922be-7416-4981-8056-05c8ad9237da\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=351f09f8163e80240a1747fd798e8282\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=4","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"192.243.59.20","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:04.656Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flushpersist.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 Aug 2025 21:53:17 GMT","end":"Fri, 28 Nov 2025 21:53:16 GMT"},"fingerprint":{"sha1":"AA:2A:FC:C2:EE:01:8F:55:3F:19:46:84:4A:C8:A0:95:62:50:5C:A3","sha256":"3D:8C:1A:2E:1F:32:30:D4:D8:4F:D2:FB:CC:99:F1:9C:05:E5:7B:D8:9D:7D:24:86:AD:C5:1E:62:55:44:A4:CA"}}},"request":{"raw":"GET /pxf.gif?uuid=fed922be-7416-4981-8056-05c8ad9237da\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=351f09f8163e80240a1747fd798e8282\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=4 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Sun, 31 Aug 2025 04:09:05 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 30b9cd9c6fe0eaa9a9bb80725b9c683d\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-31T17:30:56.233389Z","times_seen":15970160,"resource_available":true,"data":null}},"time_used":732,"timings":{"blocked":316,"dns":35,"connect":93,"send":0,"wait":98,"receive":0,"ssl":188},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"skinnycrawlinglax.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Finstagram%2Fnew%2F4%2Fcss%2Fstyle.css\u0026l=7578\u0026fd=540","fqdn":"skinnycrawlinglax.com","domain":"skinnycrawlinglax.com","tld":"com"},"ip":{"addr":"192.243.61.227","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:10.728Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"skinnycrawlinglax.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:00:34 GMT","end":"Tue, 25 Nov 2025 22:00:33 GMT"},"fingerprint":{"sha1":"FC:5B:24:E2:ED:A9:65:69:CA:97:74:44:F8:E9:93:1A:50:E7:73:C1","sha256":"26:1B:F8:72:30:B2:C4:49:6A:2E:E7:A5:FC:26:35:74:02:CB:56:D1:F7:7E:A5:5E:89:65:A9:B4:1F:1F:DB:8F"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Finstagram%2Fnew%2F4%2Fcss%2Fstyle.css\u0026l=7578\u0026fd=540 HTTP/1.1\r\nHost: skinnycrawlinglax.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 31 Aug 2025 04:09:10 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: skinnycrawlinglax.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-31T17:30:56.233389Z","times_seen":15970160,"resource_available":true,"data":null}},"time_used":175,"timings":{"blocked":79,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-31","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"arxnxxxxxxhd.beauty/storage/thumb/29/%D9%81%D8%AA%D8%A7%D8%A9-%D8%AC%D8%A7%D9%85%D8%B9%D9%8A%D8%A9-%D8%B6%D8%A7%D8%AC%D8%B9%D9%87.jpg","fqdn":"arxnxxxxxxhd.beauty","domain":"arxnxxxxxxhd.beauty","tld":"beauty"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:03.193Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"arxnxxxxxxhd.beauty","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 30 Aug 2025 15:42:47 GMT","end":"Fri, 28 Nov 2025 16:41:26 GMT"},"fingerprint":{"sha1":"6B:9D:6F:FA:D9:94:E6:8D:60:EE:F2:36:43:3D:E7:1C:21:44:74:24","sha256":"02:73:17:48:67:5E:6E:D2:7F:25:89:F2:8C:6F:3B:B7:4B:AC:7B:1A:29:D3:67:DC:00:89:4C:4D:D4:2E:64:ED"}}},"request":{"raw":"GET /storage/thumb/29/%D9%81%D8%AA%D8%A7%D8%A9-%D8%AC%D8%A7%D9%85%D8%B9%D9%8A%D8%A9-%D8%B6%D8%A7%D8%AC%D8%B9%D9%87.jpg HTTP/1.1\r\nHost: arxnxxxxxxhd.beauty\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 Aug 2025 04:09:03 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 10304\r\ncache-control: public, max-age=31536000\r\nexpires: Sun, 07 Sep 2025 04:09:03 GMT\r\nlast-modified: Mon, 21 Apr 2025 01:41:01 GMT\r\netag: \"2840-6805a22d-b0c22138b614e135;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-powered-by: PleskLin\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vtHghOdRw8SrCQo9t9Zsm4bMbj7pBtLRGkS2sEfeMJu0hyhPGyZzf4j3ADjFnIoEbzClFfjEgWJ8w4lSto4XIgN0Opg%2BLSWYZjIKoC8Qvhz6\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9779ab92cd0256b4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":10304,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x225, components 3","md5":"a47f82574ca7a103c3997e66c10f50ed","sha1":"16f7d39d08441480f4abe6b56738dca350f64033","sha256":"1b6946367b82511748c6acb7d177d18b9ffb3af606ec484fe559d1ccd747feb5","sha512":"1e044710ab4c3f7d41f74fad767051590f6eb04e8cea91ee802e87b987510ac4c478e9c8fc60d9c9d5f6a6877cf0e9df2903280e065cd0afb973f7f9200419af","ssdeep":"192:/8JldDkYcEAd+NHrpVthlxIYV/hZEuPDtHmg+EMnX2+rh:/8JYaAMP1hV/RPdmAMG+rh","tlshash":"6b22b095a5c4409dde8403bdc8dde220ef4faa60d20576664f903afc5bb7fd200e20ea","first_seen":"2025-06-11T04:19:23.952297Z","last_seen":"2026-02-01T06:42:59.139525Z","times_seen":12,"resource_available":false,"data":null}},"time_used":66,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":66,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"arxnxxxxxxhd.beauty/storage/thumb/29/filthykings-%D8%B2%D9%88%D8%AC%D8%A9-%D8%A7%D9%84%D8%A7%D8%A8-%D8%AA%D8%B1%D9%8A%D8%AF-%D8%B7.jpg","fqdn":"arxnxxxxxxhd.beauty","domain":"arxnxxxxxxhd.beauty","tld":"beauty"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:03.195Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"arxnxxxxxxhd.beauty","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 30 Aug 2025 15:42:47 GMT","end":"Fri, 28 Nov 2025 16:41:26 GMT"},"fingerprint":{"sha1":"6B:9D:6F:FA:D9:94:E6:8D:60:EE:F2:36:43:3D:E7:1C:21:44:74:24","sha256":"02:73:17:48:67:5E:6E:D2:7F:25:89:F2:8C:6F:3B:B7:4B:AC:7B:1A:29:D3:67:DC:00:89:4C:4D:D4:2E:64:ED"}}},"request":{"raw":"GET /storage/thumb/29/filthykings-%D8%B2%D9%88%D8%AC%D8%A9-%D8%A7%D9%84%D8%A7%D8%A8-%D8%AA%D8%B1%D9%8A%D8%AF-%D8%B7.jpg HTTP/1.1\r\nHost: arxnxxxxxxhd.beauty\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 Aug 2025 04:09:03 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 14384\r\ncache-control: public, max-age=31536000\r\nexpires: Sun, 07 Sep 2025 04:09:03 GMT\r\nlast-modified: Sun, 20 Apr 2025 05:59:01 GMT\r\netag: \"3830-68048d25-6c97dbda72980c5b;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-powered-by: PleskLin\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lu9oGu7HgNYZfq4BaM07CY4PTwY9y1faxBrSjsGVYRqaTh76SHKb0Cack5ABY8c2P8nFo93zCkX5y77gj1etvR8zi4xoxIO6ge47N3yz97F0\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9779ab92cd0656b4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":14384,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x225, components 3","md5":"d616c35bf6a25acceb65156fc12955af","sha1":"aa2198710778e971eb40a611a2ccdd97a44a88a0","sha256":"04e9d4d85d686de939203bbd74be95bc2362258223b8ded0732f87e9b54a25ec","sha512":"3ad63319ff3240dcc13262190530b86c837fdd8be03dbcdf0f9edcc6d55b4173ef76ed2faea11eda1a671e905212462906f3c70ddfb64a352805e62c7fb1f582","ssdeep":"384:/8jbMxqPM79p1SDPpZF6FoUCBNJ7QFEBl2ViZ0:/8jRk7z1SDvIvCjxLB4Vi2","tlshash":"6f52c0910ebe948ec37e06b1c9dde10622af9fc35d87194faac3522cf459ae481b16d4","first_seen":"2025-06-03T14:04:26.483069Z","last_seen":"2026-02-01T06:42:59.137775Z","times_seen":14,"resource_available":false,"data":null}},"time_used":91,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":65,"receive":26,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"professionaltrafficmonitor.com/stats","fqdn":"professionaltrafficmonitor.com","domain":"professionaltrafficmonitor.com","tld":"com"},"ip":{"addr":"3.78.68.13","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:03.723Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"protrafficinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 01 Jul 2025 00:00:00 GMT","end":"Thu, 30 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"5D:D5:8D:EB:A4:50:13:0D:7C:33:71:82:B8:02:49:4F:D6:31:B6:E6","sha256":"49:03:4C:2C:1B:23:D8:D6:CB:AE:F0:54:61:99:C2:20:F4:FF:87:5E:0B:72:B1:6B:D8:AB:21:49:2D:F2:EC:4A"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: professionaltrafficmonitor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://arxnxxxxxxhd.beauty\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 31 Aug 2025 04:09:03 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://arxnxxxxxxhd.beauty\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=9a0ffd07-1d31-4243-8262-8bbb0bdfa03b:1:1; expires=Wed, 29 Aug 2035 04:09:03 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"dfc52892456c5acc0857e6feab588395","sha1":"cdda9054fa8796b7dded9b8bdfbba8c2ddd54866","sha256":"a436b7cd15f90b885da8475c0314f5d97812eade7efb5466d835e5f3b3905bab","sha512":"29ec2a67639863c2ed1ef1302e16e28d8443395cefff1a02d493a2ef88cc0af7d35e362c84701e5167b07f64049d1ba62ff4b85c76291982b9232bc3568b576f","ssdeep":"","tlshash":"e8900451700f551740c47540f00531010f4d0541055407770045d34d337c7544d741dd","first_seen":"2025-08-31T04:09:32.384947Z","last_seen":"2025-08-31T04:09:32.384947Z","times_seen":1,"resource_available":false,"data":null}},"time_used":251,"timings":{"blocked":114,"dns":23,"connect":22,"send":0,"wait":21,"receive":0,"ssl":69},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"skinnycrawlinglax.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Finstagram%2Fnew%2F4%2Fcss%2Fanimate.css\u0026l=78689\u0026fd=525","fqdn":"skinnycrawlinglax.com","domain":"skinnycrawlinglax.com","tld":"com"},"ip":{"addr":"192.243.61.227","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:10.713Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"skinnycrawlinglax.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:00:34 GMT","end":"Tue, 25 Nov 2025 22:00:33 GMT"},"fingerprint":{"sha1":"FC:5B:24:E2:ED:A9:65:69:CA:97:74:44:F8:E9:93:1A:50:E7:73:C1","sha256":"26:1B:F8:72:30:B2:C4:49:6A:2E:E7:A5:FC:26:35:74:02:CB:56:D1:F7:7E:A5:5E:89:65:A9:B4:1F:1F:DB:8F"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Finstagram%2Fnew%2F4%2Fcss%2Fanimate.css\u0026l=78689\u0026fd=525 HTTP/1.1\r\nHost: skinnycrawlinglax.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 31 Aug 2025 04:09:10 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: skinnycrawlinglax.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-31T17:30:56.233389Z","times_seen":15970160,"resource_available":true,"data":null}},"time_used":93,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":93,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-31","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"arxnxxxxxxhd.beauty/storage/thumb/29/mia-khalifa-%D8%AD%D9%85%D8%A7%D9%85-%D8%A7%D9%84%D9%81%D9%82%D8%A7%D8%B9%D8%A7%D8%AA-%D9%88.jpg","fqdn":"arxnxxxxxxhd.beauty","domain":"arxnxxxxxxhd.beauty","tld":"beauty"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:03.180Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"arxnxxxxxxhd.beauty","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 30 Aug 2025 15:42:47 GMT","end":"Fri, 28 Nov 2025 16:41:26 GMT"},"fingerprint":{"sha1":"6B:9D:6F:FA:D9:94:E6:8D:60:EE:F2:36:43:3D:E7:1C:21:44:74:24","sha256":"02:73:17:48:67:5E:6E:D2:7F:25:89:F2:8C:6F:3B:B7:4B:AC:7B:1A:29:D3:67:DC:00:89:4C:4D:D4:2E:64:ED"}}},"request":{"raw":"GET /storage/thumb/29/mia-khalifa-%D8%AD%D9%85%D8%A7%D9%85-%D8%A7%D9%84%D9%81%D9%82%D8%A7%D8%B9%D8%A7%D8%AA-%D9%88.jpg HTTP/1.1\r\nHost: arxnxxxxxxhd.beauty\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 Aug 2025 04:09:03 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 16011\r\ncache-control: public, max-age=31536000\r\nexpires: Sun, 07 Sep 2025 04:09:03 GMT\r\nlast-modified: Thu, 22 May 2025 11:33:33 GMT\r\netag: \"3e8b-682f0b8d-fbaa43f511cac663;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-powered-by: PleskLin\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=U3PP9%2FvAV6JtLQfGgGIQ8Bcp8cNykbT1lfF5tW3kMFi3hT%2BHXgvSEQ8v9Lc6oWPLsBSUHw3kXufZnYJK20syCOsvTzroLYvWN3EWSvvn%2BYs4\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9779ab92bceb56b4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":16011,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x225, components 3","md5":"789598b02a34c96fdaeb2b5daaa2f705","sha1":"115f43b7e4ae8f3aa9544c2f2b7d66afe6ce7188","sha256":"56ca660cc35dc7ad912a8091ed1cd42e95f4e1b709ea92b369771f1303f6fcbe","sha512":"8a1ecd3f2e4e7200ee3e8970f137a3b83d2a388b2b9e8a75c105077b483f2eeeac53a0f2f8d9147769daddd5a71b3c2d31e5b0bc704fb40e1fe0b796982232ad","ssdeep":"384:/8/AXEnCUkJwjdMynsBwssLoRdka4xWN5FlXwDgaEJM+6ty:/8/CUkmhMyUwsscZN5LXwDgaEJh6ty","tlshash":"e272d0d51fb12b35de58617371b01af0f593741baae70bcbda12259ac2371f262042aa","first_seen":"2025-06-11T04:19:24.009928Z","last_seen":"2026-02-01T06:42:59.134332Z","times_seen":12,"resource_available":false,"data":null}},"time_used":92,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":68,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"arxnxxxxxxhd.beauty/storage/thumb/29/%D9%84%D8%A7%D9%86%D8%A7-%D8%B1%D9%88%D8%AF%D8%B2-%D8%AA%D9%82%D9%86%D8%B9-%D8%B4%D9%82%D9%8A.jpg","fqdn":"arxnxxxxxxhd.beauty","domain":"arxnxxxxxxhd.beauty","tld":"beauty"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:03.182Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"arxnxxxxxxhd.beauty","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 30 Aug 2025 15:42:47 GMT","end":"Fri, 28 Nov 2025 16:41:26 GMT"},"fingerprint":{"sha1":"6B:9D:6F:FA:D9:94:E6:8D:60:EE:F2:36:43:3D:E7:1C:21:44:74:24","sha256":"02:73:17:48:67:5E:6E:D2:7F:25:89:F2:8C:6F:3B:B7:4B:AC:7B:1A:29:D3:67:DC:00:89:4C:4D:D4:2E:64:ED"}}},"request":{"raw":"GET /storage/thumb/29/%D9%84%D8%A7%D9%86%D8%A7-%D8%B1%D9%88%D8%AF%D8%B2-%D8%AA%D9%82%D9%86%D8%B9-%D8%B4%D9%82%D9%8A.jpg HTTP/1.1\r\nHost: arxnxxxxxxhd.beauty\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 Aug 2025 04:09:03 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 19601\r\ncache-control: public, max-age=31536000\r\nexpires: Sun, 07 Sep 2025 04:09:03 GMT\r\nlast-modified: Tue, 20 May 2025 11:41:25 GMT\r\netag: \"4c91-682c6a65-40480434fa1d8408;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-powered-by: PleskLin\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ldePDUACBH8S9veyaMoO6q08oRrFDhTBubnN6j1hUvWCzX%2F0Lbmgeter%2B3w5zHg5g%2FLNVHsYWbUzEsOHjW1cEy4QUUmezlW4apKfA2geOm%2FF\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9779ab92bcf056b4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":19601,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x225, components 3","md5":"cbf732c73db0828fc682e5ca6c0cae2c","sha1":"44a26dbff9f047b145ae51081788244425099eda","sha256":"2728ee677bac8b601187cff367ca034397463ac140f79a4345d12c25a1aa4dfc","sha512":"e4f28af036e87b5952fb9fb98dbac98a97076b0fa4f5214978fdc4d33242a6d5d7663e426b60622920ba2c9e65db6960bffeb310c467454c73187aad949cfc8b","ssdeep":"384:/8qvkzFgh/mbEHZgjjLmswY1rOuKSM8ylMFb7n4i7Gh9nwRLrxu:/8qcFlQ+jjVcS3R3n7Gh9nsY","tlshash":"a192e059888db4e5c91e2036809e983da61ccb6df46d1d6f5c5e538fa06fc3a423bc87","first_seen":"2025-06-11T04:19:23.960738Z","last_seen":"2026-02-01T06:42:59.140347Z","times_seen":12,"resource_available":false,"data":null}},"time_used":92,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":68,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sixdespise.com/pixel/sbs?c=1","fqdn":"sixdespise.com","domain":"sixdespise.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:11.198Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sixdespise.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 Aug 2025 21:18:16 GMT","end":"Thu, 27 Nov 2025 21:18:15 GMT"},"fingerprint":{"sha1":"63:7A:2E:0D:01:1D:43:69:FB:81:B2:C4:B0:61:32:C6:2F:EE:19:49","sha256":"0A:FD:EF:AC:F0:50:31:FC:66:10:2F:B3:22:51:4F:85:42:34:1F:1B:9B:D9:51:E4:C9:53:3E:9D:7B:21:B8:37"}}},"request":{"raw":"GET /pixel/sbs?c=1 HTTP/1.1\r\nHost: sixdespise.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nCookie: uid_id2=fed922be-7416-4981-8056-05c8ad9237da:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl25746648=1; slec06e777928c158d50c569544daf7510b7=[6116560]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Sun, 31 Aug 2025 04:09:11 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: sixdespise.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-31T17:30:56.233389Z","times_seen":15970160,"resource_available":true,"data":null}},"time_used":94,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":94,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-31","alert":"Sinkholed","trigger":"sixdespise.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"arxnxxxxxxhd.beauty/storage/thumb/29/%D9%85%D8%B1%D8%A7%D9%87%D9%82-%D9%8A%D8%B5%D8%A7%D8%A8-%D8%A8%D8%A7%D9%84%D8%B5%D8%AF%D9%85.jpg","fqdn":"arxnxxxxxxhd.beauty","domain":"arxnxxxxxxhd.beauty","tld":"beauty"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:03.191Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"arxnxxxxxxhd.beauty","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 30 Aug 2025 15:42:47 GMT","end":"Fri, 28 Nov 2025 16:41:26 GMT"},"fingerprint":{"sha1":"6B:9D:6F:FA:D9:94:E6:8D:60:EE:F2:36:43:3D:E7:1C:21:44:74:24","sha256":"02:73:17:48:67:5E:6E:D2:7F:25:89:F2:8C:6F:3B:B7:4B:AC:7B:1A:29:D3:67:DC:00:89:4C:4D:D4:2E:64:ED"}}},"request":{"raw":"GET /storage/thumb/29/%D9%85%D8%B1%D8%A7%D9%87%D9%82-%D9%8A%D8%B5%D8%A7%D8%A8-%D8%A8%D8%A7%D9%84%D8%B5%D8%AF%D9%85.jpg HTTP/1.1\r\nHost: arxnxxxxxxhd.beauty\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 Aug 2025 04:09:03 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 5815\r\ncache-control: public, max-age=31536000\r\nexpires: Sun, 07 Sep 2025 04:09:03 GMT\r\nlast-modified: Mon, 28 Apr 2025 11:42:14 GMT\r\netag: \"16b7-680f6996-87d5b34bd686f702;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-powered-by: PleskLin\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=5N7u1lLba%2B6Hnp5%2FRFaLMK0BDx%2FHujeQje2W04kKRLgRSE5Dcuw%2FqHjriNxLTEaOUil%2FqpWhR7j97OFR5Nd2136uwmcjRIpzfWcSgYlRV7mb\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9779ab92ccfc56b4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":5815,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x225, components 3","md5":"576a6062f3d70c956499c84e0f1d553a","sha1":"d2ab6c0e5dcf0b16e08b4d1681c52b805ea33b71","sha256":"2cd29629c128e4a96a9b410647aef448bf8ecf5ee7974f2e24a905ccd86f85dd","sha512":"568182c1d78542dfb95bbbc19735b75035d137c97e0d4a17b10c4e71583b6d90747348b5efe1fd13cdeaf2006296f287da35a7c47bd245d065d3b5bdaa491414","ssdeep":"96:/8s70L4JnqgcGMwhpOWg5Vv3kyQwq1og/+u4xLaM9+yxA8QoWn2uSH:/8zLeyGth3kV8ym1og/+uMNQyK8QoW2p","tlshash":"eac18d1ddf584742d0b85a714bf288c4384895059bda2bdedaa70c28cc6e5bddb3529c","first_seen":"2025-06-11T04:19:24.005836Z","last_seen":"2026-02-01T06:42:59.143872Z","times_seen":12,"resource_available":false,"data":null}},"time_used":67,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":67,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"arxnxxxxxxhd.beauty/storage/thumb/29/%D8%B1%D8%A7%D9%8A%D9%84%D9%8A-%D8%AA%D8%B5%D8%A8%D8%AD-%D8%B9%D8%A7%D9%87%D8%B1%D8%A9-%D9%81.jpg","fqdn":"arxnxxxxxxhd.beauty","domain":"arxnxxxxxxhd.beauty","tld":"beauty"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:03.196Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"arxnxxxxxxhd.beauty","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 30 Aug 2025 15:42:47 GMT","end":"Fri, 28 Nov 2025 16:41:26 GMT"},"fingerprint":{"sha1":"6B:9D:6F:FA:D9:94:E6:8D:60:EE:F2:36:43:3D:E7:1C:21:44:74:24","sha256":"02:73:17:48:67:5E:6E:D2:7F:25:89:F2:8C:6F:3B:B7:4B:AC:7B:1A:29:D3:67:DC:00:89:4C:4D:D4:2E:64:ED"}}},"request":{"raw":"GET /storage/thumb/29/%D8%B1%D8%A7%D9%8A%D9%84%D9%8A-%D8%AA%D8%B5%D8%A8%D8%AD-%D8%B9%D8%A7%D9%87%D8%B1%D8%A9-%D9%81.jpg HTTP/1.1\r\nHost: arxnxxxxxxhd.beauty\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 Aug 2025 04:09:03 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 15938\r\ncache-control: public, max-age=31536000\r\nexpires: Sun, 07 Sep 2025 04:09:03 GMT\r\nlast-modified: Sun, 20 Apr 2025 02:31:01 GMT\r\netag: \"3e42-68045c65-5d2a97803f3910a;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-powered-by: PleskLin\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7J1KW7Sawl6G5THod8Y2TqaYk8E%2FxIzoXpk66W%2FuiTiYS4dgb7ZZqGfpCVG5wgmOXA%2FDKIc7bJ4TTPm3iie31hR02u4cKpFdeuCPpWl2xbHW\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9779ab92cd0756b4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15938,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x225, components 3","md5":"c0791575b213b3cbde1e98ab47996d7d","sha1":"fa08490d1a848657a2d0022b1347368049df6110","sha256":"95ce826ed67a6fd2e42ee17a6f90cca0c80205a0547f91a832881fc42209921f","sha512":"cc18554d4716d9e5c827071c850366f537b9ecd871485bfe979d0a816b7830861f3ede3060ab9413181952f765d1fabce351a0c41e83977929e055c622b46ae3","ssdeep":"384:/8k1UQXXZTb7zxv2+RNTMAxfbf/D51DUYzlkHrSBjn/uveA2N4D42:/8EZHnxvDTzxbf/XDRkM/OnDF","tlshash":"9362bf80bf8bf773cc119639b22ab5470321ef41944b0965b42b05d276598c9e16daed","first_seen":"2025-06-11T04:19:23.974354Z","last_seen":"2026-02-01T06:42:59.128578Z","times_seen":12,"resource_available":false,"data":null}},"time_used":81,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":60,"receive":21,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"skinnycrawlinglax.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Finstagram%2Fnew%2F4%2Fjs%2Fscript.js\u0026l=444\u0026fd=553","fqdn":"skinnycrawlinglax.com","domain":"skinnycrawlinglax.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:10.748Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"skinnycrawlinglax.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:00:34 GMT","end":"Tue, 25 Nov 2025 22:00:33 GMT"},"fingerprint":{"sha1":"FC:5B:24:E2:ED:A9:65:69:CA:97:74:44:F8:E9:93:1A:50:E7:73:C1","sha256":"26:1B:F8:72:30:B2:C4:49:6A:2E:E7:A5:FC:26:35:74:02:CB:56:D1:F7:7E:A5:5E:89:65:A9:B4:1F:1F:DB:8F"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Fssp%2Futility%2Fsocial-media%2Finstagram%2Fnew%2F4%2Fjs%2Fscript.js\u0026l=444\u0026fd=553 HTTP/1.1\r\nHost: skinnycrawlinglax.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Sun, 31 Aug 2025 04:09:11 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: skinnycrawlinglax.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-31T17:30:56.233389Z","times_seen":15970160,"resource_available":true,"data":null}},"time_used":556,"timings":{"blocked":264,"dns":0,"connect":0,"send":0,"wait":101,"receive":0,"ssl":191},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-31","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/utility/social-media/instagram/new/4/js/script.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:10.196Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 18:23:14 GMT","end":"Thu, 27 Nov 2025 19:21:45 GMT"},"fingerprint":{"sha1":"99:06:8C:E5:8E:41:8B:38:F8:46:C0:E9:CF:99:E2:11:F2:8E:DD:AB","sha256":"93:A8:69:6F:83:C3:C8:1B:E8:A3:20:9C:19:F4:47:35:74:85:80:F1:82:1F:48:42:AB:AA:77:A3:35:AB:29:20"}}},"request":{"raw":"GET /sb/ssp/utility/social-media/instagram/new/4/js/script.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://arxnxxxxxxhd.beauty\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 31 Aug 2025 04:09:10 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Jan 2024 14:19:43 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=IE4MLS%2FeVegHFglgcFQFzPqhxdgvAF1bL6tBRNhjmsdrElzjjSzwawrDDDxogHWk9Cm1aQz4yXDf0eFxWR0%2FiupZ4v5LI5k%2BBSFI3dLt\"}]}\r\ncf-cache-status: MISS\r\netag: W/\"65aa84ff-1bc\"\r\ncontent-encoding: br\r\ncf-ray: 9779abbef8e556c1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":444,"size_decoded":0,"mime_type":"application/javascript","magic":"ASCII text","md5":"02eef03d816f45efe77308aba07b0e94","sha1":"67ed5890e847d96a9cae9870e1adc821f551be35","sha256":"45cf2559fcb1af6347e9de4e1d2fad22896f10066e72bce39b0d1f19cda13824","sha512":"a8da3e933659ddddd30a3fe6d1347b31609807a3c16a5e954fed8d26cd21ead9f8a48a76b49ef7114ff198859aed2093da09df7dc2c39f10ddfcaa461f6d4639","ssdeep":"","tlshash":"f4f05c346174423453b7e1a6328b6b9e2130065fd0058249b42c574a1ee1ba522e2ba7","first_seen":"2023-04-06T09:46:19Z","last_seen":"2026-04-12T05:56:34.365744Z","times_seen":802,"resource_available":false,"data":null}},"time_used":585,"timings":{"blocked":38,"dns":11,"connect":3,"send":0,"wait":507,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"badlandlispyippee.com/on.js","fqdn":"badlandlispyippee.com","domain":"badlandlispyippee.com","tld":"com"},"ip":{"addr":"94.242.247.35","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:03.198Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"badlandlispyippee.com","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Sat, 09 Aug 2025 14:34:15 GMT","end":"Fri, 07 Nov 2025 14:34:14 GMT"},"fingerprint":{"sha1":"DF:E4:30:5E:8F:8F:0C:5A:39:BE:D0:DB:C9:EC:3F:3A:32:2D:2B:A2","sha256":"12:B3:44:4D:46:2F:A0:BD:8E:7F:F5:DA:05:A3:36:B0:FA:31:03:4C:78:0B:E4:4C:15:45:32:53:04:4F:11:23"}}},"request":{"raw":"GET /on.js HTTP/1.1\r\nHost: badlandlispyippee.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 31 Aug 2025 04:09:03 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Thu, 28 Aug 2025 11:23:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68b03c3c-24022\"\r\nexpires: Sun, 07 Sep 2025 04:09:03 GMT\r\ncache-control: max-age=604800\r\nx-js-ab: current\r\ntiming-allow-origin: *\r\naccept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":147490,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"960f1e798dcf161a95d1db699db159e0","sha1":"51f58bb6d133cfc7522a48c23fa29549b7f69802","sha256":"ef27880b140f45e3f756e6958d55d440f871cc8a743a6bb6ebb63f22eef31609","sha512":"1c93eaf57da5b39bf33dace37c355a73a23007e6367c01c1a8159a69e66a21bc0350bba3d0e1bc53ccbf65e10829b49cea7e85f83c85a0d93ae60c32e858a95c","ssdeep":"1536:zOzlCoIBDv2giJjLnCwsoRoBX1q1BLN5JqgXR87uiKNsjPAGoJMSKxWOiiyiPXRU:zagTW3xqALEQRX2SKxNiSR1G","tlshash":"6ce3b58c798a3eb64253a4a90c7fb507b6355cd5e0ff00849866c3d46cfb60ed227ab5","first_seen":"2025-08-28T15:12:06.503912Z","last_seen":"2025-09-01T05:48:29.588991Z","times_seen":60,"resource_available":true,"data":null}},"time_used":145,"timings":{"blocked":50,"dns":32,"connect":19,"send":0,"wait":18,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:03.721Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 Aug 2025 23:05:43 GMT","end":"Fri, 28 Nov 2025 23:05:42 GMT"},"fingerprint":{"sha1":"B9:51:95:1F:A8:75:17:3A:9B:B1:75:96:F4:7D:7A:CF:3D:52:C9:71","sha256":"36:D1:B1:18:05:03:10:B2:46:BC:6C:71:A5:E7:BE:07:32:66:88:16:04:1E:5F:96:0F:10:B6:4B:BF:01:D1:42"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 31 Aug 2025 04:09:03 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32182\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: b8196e7f77f380c8c2d3ad6af5575da4\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":85386,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"resource_available":true,"data":null}},"time_used":166,"timings":{"blocked":62,"dns":1,"connect":17,"send":0,"wait":23,"receive":18,"ssl":42},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-30","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"professionaltrafficmonitor.com/stats","fqdn":"professionaltrafficmonitor.com","domain":"professionaltrafficmonitor.com","tld":"com"},"ip":{"addr":"3.78.68.13","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:04.367Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"protrafficinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 01 Jul 2025 00:00:00 GMT","end":"Thu, 30 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"5D:D5:8D:EB:A4:50:13:0D:7C:33:71:82:B8:02:49:4F:D6:31:B6:E6","sha256":"49:03:4C:2C:1B:23:D8:D6:CB:AE:F0:54:61:99:C2:20:F4:FF:87:5E:0B:72:B1:6B:D8:AB:21:49:2D:F2:EC:4A"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: professionaltrafficmonitor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://arxnxxxxxxhd.beauty\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nCookie: uid_id2=fed922be-7416-4981-8056-05c8ad9237da:1:1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 31 Aug 2025 04:09:04 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://arxnxxxxxxhd.beauty\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"24ecff49b081ae8476a5eef8244ab424","sha1":"9badcb369b13b1e63fa51bfa87f7a1a815f861e5","sha256":"0db48ca6747a72de0e200ca33ddfa93f0b7c81ebeef1f5c43f7fd2133ca2ceee","sha512":"e5490b69fb932e38e5fb0c3606e78ea5f4ce3b125233b11c0e7ac0bfc57b3be33be948a54da96dd34df7332f0e03a184222db58a0b9f5dc2bfb16361cf30745c","ssdeep":"","tlshash":"21900401750505503f101d0cdd0fd70c344d11103000705530d14cc41f0743d4010431","first_seen":"2025-08-31T04:09:32.39769Z","last_seen":"2025-08-31T04:09:32.39769Z","times_seen":1,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/utility/social-media/instagram/new/4/css/animate.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:10.185Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 18:23:14 GMT","end":"Thu, 27 Nov 2025 19:21:45 GMT"},"fingerprint":{"sha1":"99:06:8C:E5:8E:41:8B:38:F8:46:C0:E9:CF:99:E2:11:F2:8E:DD:AB","sha256":"93:A8:69:6F:83:C3:C8:1B:E8:A3:20:9C:19:F4:47:35:74:85:80:F1:82:1F:48:42:AB:AA:77:A3:35:AB:29:20"}}},"request":{"raw":"GET /sb/ssp/utility/social-media/instagram/new/4/css/animate.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://arxnxxxxxxhd.beauty\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 31 Aug 2025 04:09:10 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Jan 2024 14:19:43 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"65aa84ff-13361\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=G2uYsEzWKQLefgQYMKP%2BvKywYD5NGlkYuWjJexbmR48om0LGdpcOiB5WmQvDITiUk7%2Bv9aiGnqt0lYTSt6v5U2Zdz7MgejszTFgGT3Y5\"}]}\r\ncf-ray: 9779abbef8e256c1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":78689,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"3d4123dbfb33d27a5cfdfcfa91df6783","sha1":"e7d0eeeec54b848f0bc3da8685fa3bc88429d660","sha256":"cb7d1393b65701b2f97d8da244c2c6023e9cbc3463ecb0136b915cfc775c6887","sha512":"75c8a48dc207595e201b50b87ff68782112a21aded9f15f14185c07d40f0151d6afe74a2b278aa575caf12ac422e8166316296ed7b6573ea24e667cca4af51dd","ssdeep":"384:jvuAuF81dghu3ublZlX/m/Gu7uNUtrL4VrbZJgBhLYNKwZiMUL6Vpaj7F:jvuAu21dghu3uLu7uNKwZiMUL6Vpaj7F","tlshash":"22731bad399115845263861d83df9e68273ce5731826acef73c2488bcf8bf9867c9147","first_seen":"2024-01-20T06:37:31Z","last_seen":"2026-05-31T17:21:59.964313Z","times_seen":11683,"resource_available":false,"data":null}},"time_used":567,"timings":{"blocked":47,"dns":21,"connect":1,"send":0,"wait":472,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:03.758Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 Aug 2025 23:05:43 GMT","end":"Fri, 28 Nov 2025 23:05:42 GMT"},"fingerprint":{"sha1":"B9:51:95:1F:A8:75:17:3A:9B:B1:75:96:F4:7D:7A:CF:3D:52:C9:71","sha256":"36:D1:B1:18:05:03:10:B2:46:BC:6C:71:A5:E7:BE:07:32:66:88:16:04:1E:5F:96:0F:10:B6:4B:BF:01:D1:42"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 31 Aug 2025 04:09:03 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32182\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 48136b3ff3f89724ae97e87741bd1e51\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85386,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"46a6fef91632b94d14252fe324c1585f","sha1":"387cebbd261b8fe947fe9805875300f2ceeb5cfd","sha256":"36d0c771f8bf310d740cb4d0ca144354c45df284e72361660448708d72f175d5","sha512":"a3aaa1b5ab1113a12793bd1085332eb257416aaa9c4a690525838b91453a281580a979bfb856b3c429c2d4243c3ce02bd318a4b7048124eef96912179836d0fd","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRL:nPncLBSUBULGVTfGpucE5fox","tlshash":"528395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-07-08T10:38:39.799377Z","last_seen":"2025-11-18T17:01:51.014373Z","times_seen":15230,"resource_available":true,"data":null}},"time_used":153,"timings":{"blocked":55,"dns":1,"connect":17,"send":0,"wait":23,"receive":18,"ssl":36},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-30","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/utility/social-media/instagram/new/4/img/close.svg","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:10.300Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 18:23:14 GMT","end":"Thu, 27 Nov 2025 19:21:45 GMT"},"fingerprint":{"sha1":"99:06:8C:E5:8E:41:8B:38:F8:46:C0:E9:CF:99:E2:11:F2:8E:DD:AB","sha256":"93:A8:69:6F:83:C3:C8:1B:E8:A3:20:9C:19:F4:47:35:74:85:80:F1:82:1F:48:42:AB:AA:77:A3:35:AB:29:20"}}},"request":{"raw":"GET /sb/ssp/utility/social-media/instagram/new/4/img/close.svg HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 31 Aug 2025 04:09:10 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Jan 2024 14:19:43 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8hAXhnRMXE%2FRu7XcamWuGUizsbynCz23BpBctMCrSq3EHxspENdEVCiDH1dG5UuRhf4Zad6DCnVMiZj3EUhxZ172Z4KB%2BGs7pR4rst6H\"}]}\r\nage: 162328\r\ncf-cache-status: HIT\r\netag: W/\"65aa84ff-52a\"\r\ncontent-encoding: br\r\ncf-ray: 9779abbf590e56c1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1322,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"3edeb68064815a05dc25ee715b546048","sha1":"6ed43c4d875aa7d955e4897c9b78bab55ab4f735","sha256":"6d87b433d8a0e4648ae21a4491bf63848bf8bb19eb215399d5b6370cb0e6d48f","sha512":"bc27f8afeab37cd3649be7bee629251f5cdea1cb17fc2ceda9257c10ee00833c3da16e12bdf262eefaef5be057d806904f6596c535f46fd6331c332d47aa8eb7","ssdeep":"","tlshash":"772197d4658a2e3eb324fbf0c174157867e422b2bf10e54c739b386b7214a9304c8e14","first_seen":"2023-05-10T13:19:33Z","last_seen":"2026-04-12T05:56:34.364196Z","times_seen":710,"resource_available":false,"data":null}},"time_used":11,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"arxnxxxxxxhd.beauty/storage/thumb/29/%D9%88%D9%82%D8%AA-%D8%A7%D9%84%D8%A8%D8%A7%D9%84%D8%BA%D9%8A%D9%86-%D8%B2%D9%88%D8%AC%D8%A9-.jpg","fqdn":"arxnxxxxxxhd.beauty","domain":"arxnxxxxxxhd.beauty","tld":"beauty"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:03.175Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"arxnxxxxxxhd.beauty","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 30 Aug 2025 15:42:47 GMT","end":"Fri, 28 Nov 2025 16:41:26 GMT"},"fingerprint":{"sha1":"6B:9D:6F:FA:D9:94:E6:8D:60:EE:F2:36:43:3D:E7:1C:21:44:74:24","sha256":"02:73:17:48:67:5E:6E:D2:7F:25:89:F2:8C:6F:3B:B7:4B:AC:7B:1A:29:D3:67:DC:00:89:4C:4D:D4:2E:64:ED"}}},"request":{"raw":"GET /storage/thumb/29/%D9%88%D9%82%D8%AA-%D8%A7%D9%84%D8%A8%D8%A7%D9%84%D8%BA%D9%8A%D9%86-%D8%B2%D9%88%D8%AC%D8%A9-.jpg HTTP/1.1\r\nHost: arxnxxxxxxhd.beauty\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 Aug 2025 04:09:03 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 18856\r\ncache-control: public, max-age=31536000\r\nexpires: Sun, 07 Sep 2025 04:09:03 GMT\r\nlast-modified: Fri, 25 Jul 2025 20:53:15 GMT\r\netag: \"49a8-6883eebb-144ee671c80e97dd;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-powered-by: PleskLin\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=oCBWszx7eyGr68FBJdiYAkr0FWqmoqMYBKpvzbrh%2F%2FcvDb5WHE%2Fv9n2vw5fwuaypCsgAk6hL85oXe5onym8QVFJ8pnj%2Fxtkk9APzHJfMzPkE\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9779ab92bce556b4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":18856,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x225, components 3","md5":"0e467f94bddf3f1bb4b8a329a516c4a9","sha1":"193a87f8ae3eedd6944f6bb9b8593a87133efd43","sha256":"d197f68f48167c59d12de80da9e4533230f898020bd85d50487d6a482a638a1d","sha512":"fc53e93b424ee09e7fa856b5655db67dfd6f525d3ed55af1de2e3ca13b1d6c0dc292c78e70f0cd2fd623b5cfebdccef4f640b63dbdb8da6ef537241456fd2da8","ssdeep":"384:/88cmgBGxrr4A8PieSDzLqmGfHFfMXcdiX4Qhm7+t5yEgZGw6H:/88aG9LOiVDzb/lFhm76T1H","tlshash":"a882e09dfb1c7a85ff6d216f409035e736021d85b4a680b1db6d4c3f666b85af4c802b","first_seen":"2025-08-28T23:04:51.321515Z","last_seen":"2026-02-01T06:42:59.130739Z","times_seen":10,"resource_available":false,"data":null}},"time_used":82,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":60,"receive":22,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"arxnxxxxxxhd.beauty/storage/thumb/29/porndudecasting-milf-%D8%B0%D8%A7%D8%AA-%D8%A7%D9%84%D8%B4%D8%B9%D8%B1-%D8%A7%D9%84%D8%A7%D8%AD.jpg","fqdn":"arxnxxxxxxhd.beauty","domain":"arxnxxxxxxhd.beauty","tld":"beauty"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:03.179Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"arxnxxxxxxhd.beauty","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 30 Aug 2025 15:42:47 GMT","end":"Fri, 28 Nov 2025 16:41:26 GMT"},"fingerprint":{"sha1":"6B:9D:6F:FA:D9:94:E6:8D:60:EE:F2:36:43:3D:E7:1C:21:44:74:24","sha256":"02:73:17:48:67:5E:6E:D2:7F:25:89:F2:8C:6F:3B:B7:4B:AC:7B:1A:29:D3:67:DC:00:89:4C:4D:D4:2E:64:ED"}}},"request":{"raw":"GET /storage/thumb/29/porndudecasting-milf-%D8%B0%D8%A7%D8%AA-%D8%A7%D9%84%D8%B4%D8%B9%D8%B1-%D8%A7%D9%84%D8%A7%D8%AD.jpg HTTP/1.1\r\nHost: arxnxxxxxxhd.beauty\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 Aug 2025 04:09:03 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 12735\r\ncache-control: public, max-age=31536000\r\nexpires: Sun, 07 Sep 2025 04:09:03 GMT\r\nlast-modified: Sun, 01 Jun 2025 13:19:25 GMT\r\netag: \"31bf-683c535d-4bf121b01b8381dc;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-powered-by: PleskLin\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Lddpi%2FO2PBJptaUIZUoNQcfQXS2I2CUO%2Fn5dP00ty0XdzMiJpD5yuPVZyBve76leX3g%2BjfOK25UM%2FEdzCpmpPQB9DsMmKNztissZ2iJa2Eqb\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9779ab92bcea56b4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":12735,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x225, components 3","md5":"643cf0c1cc39a8e6e8cdeb356ae7693b","sha1":"c305a79df0693b2bc33260bb3e06c55b70430bb9","sha256":"21fea7ad4d24a11f93b4555901ea7e562393a36fd366893a557419d21605f510","sha512":"1412292486772a56d959f387d7d51dcf2be4de3fd8426e05779153da4d4059351a18d415c6c34c05053e8b9f3776492c9487d4b8fc23cc906278a554155488f6","ssdeep":"192:/8AIkMXQM3pX/rouSudLMiojoZojPK9YQSmZGSDKYI4fHNyR6QMtl4i:/8AITP5vFzZo3TK9qyI4PO6QMb","tlshash":"4442d0d06c2ddcb0d7269437801da99c3464ef60dc5809d77641aaf487a3abbdb153d3","first_seen":"2025-06-11T04:19:23.942842Z","last_seen":"2026-02-01T06:42:59.126344Z","times_seen":12,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":59,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"arxnxxxxxxhd.beauty/storage/thumb/29/%D8%B7%D8%A7%D9%84%D8%A8%D8%A9-%D9%85%D9%8A%D8%B1%D8%A7-%D9%88%D9%8A%D8%AA.jpg","fqdn":"arxnxxxxxxhd.beauty","domain":"arxnxxxxxxhd.beauty","tld":"beauty"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:03.181Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"arxnxxxxxxhd.beauty","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 30 Aug 2025 15:42:47 GMT","end":"Fri, 28 Nov 2025 16:41:26 GMT"},"fingerprint":{"sha1":"6B:9D:6F:FA:D9:94:E6:8D:60:EE:F2:36:43:3D:E7:1C:21:44:74:24","sha256":"02:73:17:48:67:5E:6E:D2:7F:25:89:F2:8C:6F:3B:B7:4B:AC:7B:1A:29:D3:67:DC:00:89:4C:4D:D4:2E:64:ED"}}},"request":{"raw":"GET /storage/thumb/29/%D8%B7%D8%A7%D9%84%D8%A8%D8%A9-%D9%85%D9%8A%D8%B1%D8%A7-%D9%88%D9%8A%D8%AA.jpg HTTP/1.1\r\nHost: arxnxxxxxxhd.beauty\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 Aug 2025 04:09:03 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 12649\r\ncache-control: public, max-age=31536000\r\nexpires: Sun, 07 Sep 2025 04:09:03 GMT\r\nlast-modified: Tue, 20 May 2025 11:49:45 GMT\r\netag: \"3169-682c6c59-123b1f2fb06f6fa9;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-powered-by: PleskLin\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=R%2FUhXbjTKrkE4DbDEfMNXjahW8VZBVhkyCsoD1s8BcvjSU7yDmEE%2FKJx9zoVS%2Bwtb7PqWp6gFACCmjRvd8tsEgO93P3V1sbWQL5XTer%2F%2FlXD\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9779ab92bcee56b4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":12649,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x225, components 3","md5":"41aa4800e0ac1a6602eacff8f90c5834","sha1":"fb4268aa9bd6562fa71be3fdce7848d25ae4766a","sha256":"85934893009c44edd7e984636866fba94f061ed18654218e1ea254ffbd86c273","sha512":"2405f80937bf8fe504d9adc0b5911d4ffd63b8b8b7d36cd78778134cf2ecce2546d82b53f92f7b4689dcc6d1f27db04f3145789adbbfc8227b174b0812f36a5f","ssdeep":"384:/8rrGV5WC1jOndjU7TZ39/5azxm+kY7XT2P57w:/8WInZU5VwBko8u","tlshash":"4642bf0808a708fdf68c65303099927ff908db08564e85575678bd2b14ff5fa6bc15af","first_seen":"2025-06-11T04:19:23.981708Z","last_seen":"2026-02-01T06:42:59.135385Z","times_seen":12,"resource_available":false,"data":null}},"time_used":61,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":60,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"arxnxxxxxxhd.beauty/storage/thumb/29/%D9%85%D9%8A%D8%B1%D8%A7-%D9%86%D9%88%D8%B1%D9%8A-%D9%81%D8%AA%D8%A7%D8%A9-%D8%B9%D8%B1%D8%A7.jpg","fqdn":"arxnxxxxxxhd.beauty","domain":"arxnxxxxxxhd.beauty","tld":"beauty"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:03.183Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"arxnxxxxxxhd.beauty","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 30 Aug 2025 15:42:47 GMT","end":"Fri, 28 Nov 2025 16:41:26 GMT"},"fingerprint":{"sha1":"6B:9D:6F:FA:D9:94:E6:8D:60:EE:F2:36:43:3D:E7:1C:21:44:74:24","sha256":"02:73:17:48:67:5E:6E:D2:7F:25:89:F2:8C:6F:3B:B7:4B:AC:7B:1A:29:D3:67:DC:00:89:4C:4D:D4:2E:64:ED"}}},"request":{"raw":"GET /storage/thumb/29/%D9%85%D9%8A%D8%B1%D8%A7-%D9%86%D9%88%D8%B1%D9%8A-%D9%81%D8%AA%D8%A7%D8%A9-%D8%B9%D8%B1%D8%A7.jpg HTTP/1.1\r\nHost: arxnxxxxxxhd.beauty\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 Aug 2025 04:09:03 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 9559\r\ncache-control: public, max-age=31536000\r\nexpires: Sun, 07 Sep 2025 04:09:03 GMT\r\nlast-modified: Sun, 11 May 2025 02:55:32 GMT\r\netag: \"2557-682011a4-5af154c0b494dfbc;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-powered-by: PleskLin\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=lTTH3xMeaGD4zhoY2UloxR1CcsojR15PHZ7b%2FTYRSen%2FPr%2BeHSwWGgDqOakfTpUwZVN9XJUCC5Ce3resdhvzEFb%2FY%2B7l8fvvQeLwK9AebpGB\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9779ab92bcf256b4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]}],"data":{"size":9559,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x225, components 3","md5":"a3b5fc9bce057ecdca79fc9c5e7ef98d","sha1":"22bcf0afb604144b806bdd810bcfdf3f7dea5d06","sha256":"0ff8f72544931068f1fc14eca126a043ad3d49ca396be2de08b2ef4f61d8efe3","sha512":"ed9ec89e4a48b6aa708a98036c4f0beacafde506e2e34d45c19b8550cfb87e11b22f98837f08696d0b66d3a99c57db4ac4dfaa8965eb6c07071c1ab4cdacade8","ssdeep":"192:/8qlsZWChN86E5OjnevUSxknnAj8664wVCzULmUMGXyk6cySIZIGAiXD:/8avCPJE5knevUMU28D43vHGXyPSrSz","tlshash":"5c12b07b1a7252b7e5c0e37359109f9b3114830ac9eecdb2ec0a189ce04e2d38e6551d","first_seen":"2025-06-11T04:19:24.0122Z","last_seen":"2026-02-01T06:42:59.142222Z","times_seen":12,"resource_available":false,"data":null}},"time_used":59,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":59,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.show-sb.com/sb/au/d3/55/fb/d355fb06fa4f4907609b7d285fa07f7a/1664530003.html","fqdn":"cdn.show-sb.com","domain":"show-sb.com","tld":"com"},"ip":{"addr":"104.21.95.140","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:09.600Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"show-sb.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 10 Aug 2025 11:11:15 GMT","end":"Sat, 08 Nov 2025 12:08:40 GMT"},"fingerprint":{"sha1":"46:26:78:BD:18:7A:95:15:D4:B3:89:73:FE:7E:99:33:18:7F:21:3E","sha256":"AD:6B:6A:10:54:38:33:B9:BB:A6:FD:B7:B0:1B:2E:9D:62:B8:47:35:C4:E6:7B:F6:4A:92:AA:75:B0:29:F7:F3"}}},"request":{"raw":"GET /sb/au/d3/55/fb/d355fb06fa4f4907609b7d285fa07f7a/1664530003.html HTTP/1.1\r\nHost: cdn.show-sb.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://arxnxxxxxxhd.beauty\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 31 Aug 2025 04:09:10 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Fri, 30 Sep 2022 09:26:48 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=2c%2BAVOETjSfXaQzMP%2FiGqP%2B2ldWXhut7YfDXfKD9XUbS1SPHgSIpXh5ysIl630mCDEZnKKOgwBCTyeZmW2T%2B995NFEN480%2BXd13dfew%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9779abbb492fb4f3-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1175,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"4cadfafa63acfac77d51a9e8d602fd56","sha1":"59d686d83b171e39e607a1223cd6dced146a785a","sha256":"51ce9d4f3e78c378cf86521d43deafdb23e01a4c859b72e2ca7bef73736ceaac","sha512":"51c92a795bf48cd528dd5805f58ee2fd93afce26668870d4111c359c03b3b51df12f88314d4f82c51891689ba83ae73bad80f87359c73f506034f94d35df046b","ssdeep":"","tlshash":"6d213d516ee9c537029350c07b706f2be881d583894e9d407bbc49588fd5ec1c967407","first_seen":"2023-04-05T23:50:36Z","last_seen":"2026-04-12T05:56:34.356483Z","times_seen":710,"resource_available":false,"data":null}},"time_used":578,"timings":{"blocked":50,"dns":35,"connect":1,"send":0,"wait":475,"receive":0,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"frozenassumption.com/bMXgV.s-dwGFlf0HYNWXcD/Oebmc9duiZnUjlakfP-T/YIyiMazSU/0/NXDeMntJNyjPITzMNKT/Qc0yNiAH","fqdn":"frozenassumption.com","domain":"frozenassumption.com","tld":"com"},"ip":{"addr":"88.85.69.211","port":443,"asn":35415,"as":"Webzilla B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:03.726Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"frozenassumption.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Thu, 07 Aug 2025 16:04:09 GMT","end":"Wed, 05 Nov 2025 16:04:08 GMT"},"fingerprint":{"sha1":"BE:1E:1C:A1:30:81:60:7C:8F:22:23:68:63:AB:95:28:B6:42:9C:2A","sha256":"1D:CB:F9:EC:D0:E1:42:F8:97:69:F0:D9:31:18:DB:A1:9F:75:BD:0D:F3:16:EB:65:38:E3:57:BF:E2:B6:F0:D8"}}},"request":{"raw":"GET /bMXgV.s-dwGFlf0HYNWXcD/Oebmc9duiZnUjlakfP-T/YIyiMazSU/0/NXDeMntJNyjPITzMNKT/Qc0yNiAH HTTP/1.1\r\nHost: frozenassumption.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 31 Aug 2025 04:09:03 GMT\r\ncontent-type: application/javascript\r\nexpires: Mon, 26 Jul 2011 05:00:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\naccept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://arxnxxxxxxhd.beauty\r\nlast-modified: Sun, 31 Aug 2025 04:09:03 GMT\r\naccess-control-allow-headers: Content-Type\r\nvary: Accept-Encoding, Origin\r\naccess-control-allow-methods: GET\r\nset-cookie: uniqCookie=f55bd92325c5a7702dc1144a81b0defc; max-age=1759205343; path=/\r\nx-content-type-options: nosniff\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":38708,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (22770)","md5":"224a56f7260d2ba3bbc0bad005b278c6","sha1":"e46e254aaaf1282df1b46ef3225a82dc6db011ff","sha256":"9fa5ad354c1085bf0439df5f8d8ea766190493665903308b5b42c8345ede1402","sha512":"d53b5b22cca0219d9b1baece165994e315c6da99197a077d80ea1868da97fc43471f0de704f046d973baad10a298555278f497e6fe8e1988a43393fa18d1b1c6","ssdeep":"768:QZhdZg7J02MCfTF9dFaQpp8JY29c6SboEBkleZ2YoOcLh6YPTgLg0oDEiG82ImLH:QZ1g7JQCqQpp8Jr9c6SboEBkleZ2qcLU","tlshash":"3a03b7c8b1c3642642eb507d713b7208b23a54655429b028bc79c8e4fc79e9f8577bbd","first_seen":"2025-08-31T04:09:32.409355Z","last_seen":"2025-08-31T04:09:32.409355Z","times_seen":1,"resource_available":true,"data":null}},"time_used":278,"timings":{"blocked":114,"dns":56,"connect":17,"send":0,"wait":49,"receive":0,"ssl":39},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-31","alert":"Sinkholed","trigger":"frozenassumption.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"badlandlispyippee.com/check.html","fqdn":"badlandlispyippee.com","domain":"badlandlispyippee.com","tld":"com"},"ip":{"addr":"94.242.247.35","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:04.126Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"badlandlispyippee.com","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Sat, 09 Aug 2025 14:34:15 GMT","end":"Fri, 07 Nov 2025 14:34:14 GMT"},"fingerprint":{"sha1":"DF:E4:30:5E:8F:8F:0C:5A:39:BE:D0:DB:C9:EC:3F:3A:32:2D:2B:A2","sha256":"12:B3:44:4D:46:2F:A0:BD:8E:7F:F5:DA:05:A3:36:B0:FA:31:03:4C:78:0B:E4:4C:15:45:32:53:04:4F:11:23"}}},"request":{"raw":"GET /check.html HTTP/1.1\r\nHost: badlandlispyippee.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 31 Aug 2025 04:09:04 GMT\r\ncontent-type: text/html; charset=utf-8\r\nlast-modified: Thu, 21 Aug 2025 06:34:40 GMT\r\nvary: Accept-Encoding\r\netag: W/\"68a6be00-39e\"\r\nx-js-ab: current\r\ntiming-allow-origin: *\r\naccept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":926,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, ASCII text","md5":"088dba8e97eede53134c93219f7ebbae","sha1":"adb707654d1fe0af7d0d7a9f55660d22bd3625e4","sha256":"6da0120b4c7bc45b63fcbb87595c3c1ea2cdca482b0c48d4d2ab434f9e897aff","sha512":"23a1f87731e8aee4658993cd1ce35ec179fea80b89bf52aca7634488f1bdfcf88b9cabca4859481357a9fee06cbb49df64bbe0878b1dae0e5df4fa34003c6d80","ssdeep":"","tlshash":"6211d04934e1684c1127a6301597a2183c32a40315cbd949fb9cd7301f815a7dc596df","first_seen":"2024-11-22T16:59:41.974716Z","last_seen":"2026-03-04T10:11:28.020186Z","times_seen":13721,"resource_available":false,"data":null}},"time_used":18,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"arxnxxxxxxhd.beauty/static/fav/favicon-16x16.png","fqdn":"arxnxxxxxxhd.beauty","domain":"arxnxxxxxxhd.beauty","tld":"beauty"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:04.311Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"arxnxxxxxxhd.beauty","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 30 Aug 2025 15:42:47 GMT","end":"Fri, 28 Nov 2025 16:41:26 GMT"},"fingerprint":{"sha1":"6B:9D:6F:FA:D9:94:E6:8D:60:EE:F2:36:43:3D:E7:1C:21:44:74:24","sha256":"02:73:17:48:67:5E:6E:D2:7F:25:89:F2:8C:6F:3B:B7:4B:AC:7B:1A:29:D3:67:DC:00:89:4C:4D:D4:2E:64:ED"}}},"request":{"raw":"GET /static/fav/favicon-16x16.png HTTP/1.1\r\nHost: arxnxxxxxxhd.beauty\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nCookie: UGVyc2lzdFN0b3JhZ2U=%7B%7D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 Aug 2025 04:09:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 1535\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 06 Sep 2025 22:52:58 GMT\r\nlast-modified: Tue, 10 Dec 2024 11:02:24 GMT\r\netag: \"5ff-67581fc0-ec364d16d950c9de;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-powered-by: PleskLin\r\naccess-control-allow-origin: *\r\nx-turbo-charged-by: LiteSpeed\r\nage: 18966\r\ncf-cache-status: HIT\r\npriority: u=6,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FX%2FejbOZU5OKK4iAImuiQA1xlrhR7KqmP9jIpkBi1kWRGcGD1ISZtYXV%2Fkjm6sDOGb%2B%2FfySIu5VcEQlb413F6ElkWUaluyrLHDEPqFrJUnhv\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9779ab99e89b56b4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1535,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 16 x 16, 8-bit colormap, non-interlaced","md5":"5ba1993d7e5f59ec8ca047357205a561","sha1":"a4c52f9a996f836f12c5117ee5455d799e40b07e","sha256":"3848765f7a2ef76f2b7756477816ca51776d0da07de1a599bd0a5e6ce5f2c3c9","sha512":"8c18c2f91e4e2f7c9f1f34e8228ecbbb451d40f717f95b180f1cc11faa2a081600c99d6ed7c77dae71ba4624bb6bd71e1d874cd47f2cb1ef9edcc6ed3e8dc430","ssdeep":"","tlshash":"483197d6f65094a3c7622b76bb16b482c65f010b0d1b47137dcbd45024992b943f9e52","first_seen":"2025-02-07T06:28:23.106169Z","last_seen":"2026-05-27T15:38:43.644787Z","times_seen":786,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sixdespise.com/impr.gif?sid=H4sIAAAAAAAC_1RSTWgkRRSuzuam4M-KgrAwhz0omEn3TM9Pu8Lquu6yGJO4G8lBPFRXVU_K6e5qq7qnJ3MKBiTHEURUEDrfJBvUVRTPgkw8GRUdQQy4OShePSjsWXoyEH3Q772ur6r4vu_VW7vZCakjo8erL6mBDEO62KjalSfWZcxVbirLaxXHrtqXKusybrqXKv0y6d7TTt2t2k9WrgvWVYs127Ftx3Yq16QWgeovTlHI5I7nVD276taqTsNFX___32QWDLXAeyfkYUg-eeCP4FVINkYcfX5VmG6qkqdeiLKQpkqjxw9eibuxymNEZ22gLQTxwWw3lJkQ8t4cVHwwUwDV2ysVwJcTMvfoXfjxwYwm_N7-KVM_hIjh8_uQ98YQ4RiSjsHUNiT_iQCMY3kFcXR7Wemcbp6itEQnZP7eP5D5hMzffQRx9NmVUPYrt1SYpVLFBv2ggOyPITtjJNkh0sEcZH4Ilr4JyX8gi_eWEEd7KyZUkPz4YiC4V6v5YqHlOs0F12s7C2270VywG6xNuVertzidWiSDMaixkJWftJAFFrLEQsSPK67ddplD683A46xlu9R1ufBtr12zbeqxFjJWch8iTYZg4RBMbyHRW-jKIXT2NcxGAcMtmJSgxwvkgiA3BDklyCVBnhLkvWKfh6Zmits8NJnvzGptVuvFSKWdXbqv0o6ICageQvNiTyZvmG2w9NxoEBg-UmWiflqMqM-L3eSEPFTaau389iu64rhiN0Wr1fJqbeY02rxhs0bTa7gup0Gr4dh-C0YWkGZuasZATsj1-_9CIifE-tCDTw9hwkMw-SBodgE0L0A3CgziT6nux_1-f4NXmYrAVYEknUe6ae2GJ-Tx6WRfW_sRgh09O_9dGd-D6QKJLvC6_IagE-6Mbqqc7N1UuSFfrCSpjOSAllO_ldJUnPv4RbGZK81vXDXDj55jJVC2d9aESZdozGXcMeSTK5Jzoa8pzQT56oZZF_5qZjauZDrOkqXV56_diBItjJEqHoOWqv7WYHJCzr__2PRFu7_8DqnH0FmBKDsiswBLtmCSM-5GEejwDPcTC3lWjHTNP1sM5YS83B0jFEeX33n34gfnn7kA6hcw4j8Hz_qRpuUNVBa7ZgcdbYGm24ijAj1doBcWoOEQJjs3ShN9dPnn-jTgh9bID7W154c6fPvUZiOPK0Fd1Jhtt1tNp94OhFN3OQsabdfjTWrX6wKpmWx8-e2f_wYAAP__gYVKSbMEAAA=","fqdn":"sixdespise.com","domain":"sixdespise.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:11.196Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sixdespise.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 Aug 2025 21:18:16 GMT","end":"Thu, 27 Nov 2025 21:18:15 GMT"},"fingerprint":{"sha1":"63:7A:2E:0D:01:1D:43:69:FB:81:B2:C4:B0:61:32:C6:2F:EE:19:49","sha256":"0A:FD:EF:AC:F0:50:31:FC:66:10:2F:B3:22:51:4F:85:42:34:1F:1B:9B:D9:51:E4:C9:53:3E:9D:7B:21:B8:37"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RSTWgkRRSuzuam4M-KgrAwhz0omEn3TM9Pu8Lquu6yGJO4G8lBPFRXVU_K6e5qq7qnJ3MKBiTHEURUEDrfJBvUVRTPgkw8GRUdQQy4OShePSjsWXoyEH3Q772ur6r4vu_VW7vZCakjo8erL6mBDEO62KjalSfWZcxVbirLaxXHrtqXKusybrqXKv0y6d7TTt2t2k9WrgvWVYs127Ftx3Yq16QWgeovTlHI5I7nVD276taqTsNFX___32QWDLXAeyfkYUg-eeCP4FVINkYcfX5VmG6qkqdeiLKQpkqjxw9eibuxymNEZ22gLQTxwWw3lJkQ8t4cVHwwUwDV2ysVwJcTMvfoXfjxwYwm_N7-KVM_hIjh8_uQ98YQ4RiSjsHUNiT_iQCMY3kFcXR7Wemcbp6itEQnZP7eP5D5hMzffQRx9NmVUPYrt1SYpVLFBv2ggOyPITtjJNkh0sEcZH4Ilr4JyX8gi_eWEEd7KyZUkPz4YiC4V6v5YqHlOs0F12s7C2270VywG6xNuVertzidWiSDMaixkJWftJAFFrLEQsSPK67ddplD683A46xlu9R1ufBtr12zbeqxFjJWch8iTYZg4RBMbyHRW-jKIXT2NcxGAcMtmJSgxwvkgiA3BDklyCVBnhLkvWKfh6Zmits8NJnvzGptVuvFSKWdXbqv0o6ICageQvNiTyZvmG2w9NxoEBg-UmWiflqMqM-L3eSEPFTaau389iu64rhiN0Wr1fJqbeY02rxhs0bTa7gup0Gr4dh-C0YWkGZuasZATsj1-_9CIifE-tCDTw9hwkMw-SBodgE0L0A3CgziT6nux_1-f4NXmYrAVYEknUe6ae2GJ-Tx6WRfW_sRgh09O_9dGd-D6QKJLvC6_IagE-6Mbqqc7N1UuSFfrCSpjOSAllO_ldJUnPv4RbGZK81vXDXDj55jJVC2d9aESZdozGXcMeSTK5Jzoa8pzQT56oZZF_5qZjauZDrOkqXV56_diBItjJEqHoOWqv7WYHJCzr__2PRFu7_8DqnH0FmBKDsiswBLtmCSM-5GEejwDPcTC3lWjHTNP1sM5YS83B0jFEeX33n34gfnn7kA6hcw4j8Hz_qRpuUNVBa7ZgcdbYGm24ijAj1doBcWoOEQJjs3ShN9dPnn-jTgh9bID7W154c6fPvUZiOPK0Fd1Jhtt1tNp94OhFN3OQsabdfjTWrX6wKpmWx8-e2f_wYAAP__gYVKSbMEAAA= HTTP/1.1\r\nHost: sixdespise.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nCookie: uid_id2=fed922be-7416-4981-8056-05c8ad9237da:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl25746648=1; slec06e777928c158d50c569544daf7510b7=[6116560]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Sun, 31 Aug 2025 04:09:11 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nVary: Origin\r\nAccess-Control-Allow-Credentials: true\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nSet-Cookie: iprc_l+5188290c0e698c47fdc4d3b6f395cd22=6116560; expires=Mon, 01 Sep 2025 04:09:11 GMT; path=/; secure; SameSite=None\niprc_l:6116560=3; expires=Mon, 01 Sep 2025 04:09:11 GMT; path=/; secure; SameSite=None\niprc_a+2ff9f34e1d88037a856e1120bc1b9d98=127602; expires=Tue, 02 Sep 2025 04:09:11 GMT; path=/; secure; SameSite=None\niprc_a:127602=1; expires=Tue, 02 Sep 2025 04:09:11 GMT; path=/; secure; SameSite=None\r\nHost: sixdespise.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: a959555e3a029a60af056274010cdea4\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-31T17:30:56.233389Z","times_seen":15970160,"resource_available":true,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":99,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-31","alert":"Sinkholed","trigger":"sixdespise.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"arxnxxxxxxhd.beauty/","fqdn":"arxnxxxxxxhd.beauty","domain":"arxnxxxxxxhd.beauty","tld":"beauty"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-08-31T04:09:02.834Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"arxnxxxxxxhd.beauty","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 30 Aug 2025 15:42:47 GMT","end":"Fri, 28 Nov 2025 16:41:26 GMT"},"fingerprint":{"sha1":"6B:9D:6F:FA:D9:94:E6:8D:60:EE:F2:36:43:3D:E7:1C:21:44:74:24","sha256":"02:73:17:48:67:5E:6E:D2:7F:25:89:F2:8C:6F:3B:B7:4B:AC:7B:1A:29:D3:67:DC:00:89:4C:4D:D4:2E:64:ED"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: arxnxxxxxxhd.beauty\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 31 Aug 2025 04:09:02 GMT\r\ncontent-type: text/html; charset=utf-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zCpcXFN70s9tAHG%2FW3Dx%2FqbkhfYNEI5XgfH6El3H2iF7F7inC8maxEepxnsLVDu1RDnyCsKQBAItO6R8%2FqxV0nYRFc0jCwApCospwPbx71gC\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-powered-by: PleskLin\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9779ab90efa156af-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":65627,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (7740)","md5":"35429a73cd4f2298ca78912d6f90a2a0","sha1":"7cbf88042519eb0fd4e4820badcda297ebb48164","sha256":"44a1b37b4f30b2f37f75b49d7c599f543f6708c43c0f8cc87c0f889bbd99ae7c","sha512":"16f5cf69a8a4f5e5acd6a6fb5ecc6f469070d9af1292453617cea4c5a3f00946b6a1b5a6e84b20efad20f5cf8225e892f09ae0c6bfe6c43a20161ba85251a0cc","ssdeep":"768:OQJ7+D2EFqn6xh4hImxzxGxMHjuJbg6cTUTwg/rdeHWwTvf5xVg8g:Op6EFqAh4p9sMHggJTUcp7g","tlshash":"9a531f440394d4a60e12526fe5807ceedb672d6ebbe5fd20331c490a8f9bda3d4251ee","first_seen":"2025-08-31T04:09:32.414033Z","last_seen":"2025-08-31T04:09:32.414033Z","times_seen":1,"resource_available":false,"data":null}},"time_used":141,"timings":{"blocked":29,"dns":11,"connect":1,"send":0,"wait":82,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"arxnxxxxxxhd.beauty/static/fav/android-icon-192x192.png","fqdn":"arxnxxxxxxhd.beauty","domain":"arxnxxxxxxhd.beauty","tld":"beauty"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:04.309Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"arxnxxxxxxhd.beauty","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 30 Aug 2025 15:42:47 GMT","end":"Fri, 28 Nov 2025 16:41:26 GMT"},"fingerprint":{"sha1":"6B:9D:6F:FA:D9:94:E6:8D:60:EE:F2:36:43:3D:E7:1C:21:44:74:24","sha256":"02:73:17:48:67:5E:6E:D2:7F:25:89:F2:8C:6F:3B:B7:4B:AC:7B:1A:29:D3:67:DC:00:89:4C:4D:D4:2E:64:ED"}}},"request":{"raw":"GET /static/fav/android-icon-192x192.png HTTP/1.1\r\nHost: arxnxxxxxxhd.beauty\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nCookie: UGVyc2lzdFN0b3JhZ2U=%7B%7D\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 Aug 2025 04:09:04 GMT\r\ncontent-type: image/png\r\ncontent-length: 18106\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 06 Sep 2025 22:26:38 GMT\r\nlast-modified: Tue, 10 Dec 2024 11:02:24 GMT\r\netag: \"46ba-67581fc0-5e06bab95e36c34e;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-powered-by: PleskLin\r\naccess-control-allow-origin: *\r\nx-turbo-charged-by: LiteSpeed\r\nage: 20545\r\ncf-cache-status: HIT\r\npriority: u=6,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yEmSMQLPMj3pHqXhRMdAavtgg5C5XBpXVWahS5GGvH2fc500vL8NXoBSwgZqBzmhxJEagdLZOq%2BMKDOGBH8D9m3k5pPxW3vpEH%2B2U9V3dgkU\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9779ab99e89a56b4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":18106,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 192 x 192, 8-bit/color RGBA, non-interlaced","md5":"7317565a72a2609942ffd9ea817c24a2","sha1":"8b71929f48ded315925fd455dc49ea0ce62f8b43","sha256":"20eb10a8c33057ec2a14f878845d6c511432b0194463925f1ff6f3d3cad7f640","sha512":"e1063d48b6fb847596efa360b18a37c59291b2c9e37ea76f28452c685cc71c3c1f6d049d98f7ff3731cb92bc0ce9e6476693085c479f9052ce9e0db87e4ac73a","ssdeep":"384:GVVVfMfNdtbZ2pDcuOvYq26iW7bfrworwwG/cvVjSKynbJ/8L/G:GVVVfGdtbIDPYbfrwonY4VeKynbJES","tlshash":"ca82e188e7cc2e7bd528a2eb8d004fe72319da7bb82025de914d938f15c67a035e41d5","first_seen":"2025-02-07T06:28:23.105184Z","last_seen":"2026-05-27T15:38:43.653469Z","times_seen":786,"resource_available":false,"data":null}},"time_used":10,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sixdespise.com/ren.gif?sid=H4sIAAAAAAAC_1RSTWgkRRSuzuam4M-KgrAwhz0omEl3T_fMtCusrusuizGJu5EcxEN1V_WknO6utqp7ejKnYEByHEFEBaHzTbJBXUXxLMjEk1HREcSAm4Pi1YPCnqUnA9EH_d7r-qqK7_tevbWbn5AGcnq8-pIciCiii27drD2xLhImC11bXqtZZt28VFsXSdO5VOtXSfWethpO3Xyydp0HXblom5ZpWqZVuyYUD2V_cYpCpHc8q-6ZdceuW66Dvvr_v84NaGqA9U7IwxBs8sAf4asQwRhJ_PlVrruZTJ96Ic4jmkmFHjt4JekmskgQn7WhMhAmB7PdkHpCyHtzkMnBTAFkb69SAF9MyNyjd-EnBzOa8Hv7p0z9CDyBz-5D0RuDR2MIOkYgtyHYTwQIGJZXkMS3l6Uq6OYpSit0Qubv_QNRTMj83UeQxJ9diUS_dktGeSZkotEPS4j-GKIzRpofIhvMQRSHCLI3IdgPZPHeEpJ4b0VHEoIdXww582zb5wstx2ouOF7bWmibbnPBdIM2ZZ7daDE6tUiEY1BtIK8-YSAPDeSpgZgd1xyz7QQWbTRDjwUt06GOw7hvem3bNKkXtJAHFfchsnSIIBoiUFtI1Ra6YgiVfw29UUIzAzoj6LESBScoNEFBCQpBUGQERa_cZ5G2dXmbRTr3rVm1Z7VRjmTW2aX7MuvwhICqIRQr90T6ht5GkJ0bDULNRrJK1M_KEfVZuZuekIcqW42d335Flx_XzCZvtVqe3Q4st81cM3Cbnus4jIYt1zL9FrQoIfTc1IyBmJDr9_-FVEyI8aEHnx5CR4cIxIOg-QXQogTdKDFIPqWqn_T7_Q1WD2QMJkuk2TyyTWM3OiGPTyf72tqP4MHRs_PfVfE9AlUiVSVeF98QdKKd0U1ZkL2bstDki5U0E7EY0GrqtzKa8XMfv8g3C6nYjat6-NFzQQVU7Z01rrMlmjCRdDT55IpgjKtrUgWcfHVDr3N_NdcbV3KV5OnS6vPXbsSp4loLmYxBK1V_KwRiQs6__9j0RTu__A6hxlB5iTg_IrNAkG5Bp2fctSRQ0RnupwaKvBwp2z9bjMSEvNwdI-JHl9959-IH55-5AOqX0Pw_B8_6kaLVDVSUu3oHHWWAZttI4hI9VaIXlaDREDo_N8pSdXT558Y04EfGyI-UsedHKnr71GYtjmuu7Tea7XaTh00WNljDbjDPNbnnUK_peI6LTE82vvz2z38DAAD__33t2pezBAAA","fqdn":"sixdespise.com","domain":"sixdespise.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:09.597Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sixdespise.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 Aug 2025 21:18:16 GMT","end":"Thu, 27 Nov 2025 21:18:15 GMT"},"fingerprint":{"sha1":"63:7A:2E:0D:01:1D:43:69:FB:81:B2:C4:B0:61:32:C6:2F:EE:19:49","sha256":"0A:FD:EF:AC:F0:50:31:FC:66:10:2F:B3:22:51:4F:85:42:34:1F:1B:9B:D9:51:E4:C9:53:3E:9D:7B:21:B8:37"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSTWgkRRSuzuam4M-KgrAwhz0omEl3T_fMtCusrusuizGJu5EcxEN1V_WknO6utqp7ejKnYEByHEFEBaHzTbJBXUXxLMjEk1HREcSAm4Pi1YPCnqUnA9EH_d7r-qqK7_tevbWbn5AGcnq8-pIciCiii27drD2xLhImC11bXqtZZt28VFsXSdO5VOtXSfWethpO3Xyydp0HXblom5ZpWqZVuyYUD2V_cYpCpHc8q-6ZdceuW66Dvvr_v84NaGqA9U7IwxBs8sAf4asQwRhJ_PlVrruZTJ96Ic4jmkmFHjt4JekmskgQn7WhMhAmB7PdkHpCyHtzkMnBTAFkb69SAF9MyNyjd-EnBzOa8Hv7p0z9CDyBz-5D0RuDR2MIOkYgtyHYTwQIGJZXkMS3l6Uq6OYpSit0Qubv_QNRTMj83UeQxJ9diUS_dktGeSZkotEPS4j-GKIzRpofIhvMQRSHCLI3IdgPZPHeEpJ4b0VHEoIdXww582zb5wstx2ouOF7bWmibbnPBdIM2ZZ7daDE6tUiEY1BtIK8-YSAPDeSpgZgd1xyz7QQWbTRDjwUt06GOw7hvem3bNKkXtJAHFfchsnSIIBoiUFtI1Ra6YgiVfw29UUIzAzoj6LESBScoNEFBCQpBUGQERa_cZ5G2dXmbRTr3rVm1Z7VRjmTW2aX7MuvwhICqIRQr90T6ht5GkJ0bDULNRrJK1M_KEfVZuZuekIcqW42d335Flx_XzCZvtVqe3Q4st81cM3Cbnus4jIYt1zL9FrQoIfTc1IyBmJDr9_-FVEyI8aEHnx5CR4cIxIOg-QXQogTdKDFIPqWqn_T7_Q1WD2QMJkuk2TyyTWM3OiGPTyf72tqP4MHRs_PfVfE9AlUiVSVeF98QdKKd0U1ZkL2bstDki5U0E7EY0GrqtzKa8XMfv8g3C6nYjat6-NFzQQVU7Z01rrMlmjCRdDT55IpgjKtrUgWcfHVDr3N_NdcbV3KV5OnS6vPXbsSp4loLmYxBK1V_KwRiQs6__9j0RTu__A6hxlB5iTg_IrNAkG5Bp2fctSRQ0RnupwaKvBwp2z9bjMSEvNwdI-JHl9959-IH55-5AOqX0Pw_B8_6kaLVDVSUu3oHHWWAZttI4hI9VaIXlaDREDo_N8pSdXT558Y04EfGyI-UsedHKnr71GYtjmuu7Tea7XaTh00WNljDbjDPNbnnUK_peI6LTE82vvz2z38DAAD__33t2pezBAAA HTTP/1.1\r\nHost: sixdespise.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nCookie: uid_id2=fed922be-7416-4981-8056-05c8ad9237da:1:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl25746648=1; slec06e777928c158d50c569544daf7510b7=[6116560]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Sun, 31 Aug 2025 04:09:09 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\nAccess-Control-Allow-Origin: *\r\nVary: Origin\r\nAccess-Control-Allow-Credentials: true\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: sixdespise.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 98d1a26a710a346f720bc2a3972a4319\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-31T17:30:56.233389Z","times_seen":15970160,"resource_available":true,"data":null}},"time_used":98,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-31","alert":"Sinkholed","trigger":"sixdespise.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/ssp/utility/social-media/instagram/new/4/css/style.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"104.21.48.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:10.187Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 29 Aug 2025 18:23:14 GMT","end":"Thu, 27 Nov 2025 19:21:45 GMT"},"fingerprint":{"sha1":"99:06:8C:E5:8E:41:8B:38:F8:46:C0:E9:CF:99:E2:11:F2:8E:DD:AB","sha256":"93:A8:69:6F:83:C3:C8:1B:E8:A3:20:9C:19:F4:47:35:74:85:80:F1:82:1F:48:42:AB:AA:77:A3:35:AB:29:20"}}},"request":{"raw":"GET /sb/ssp/utility/social-media/instagram/new/4/css/style.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://arxnxxxxxxhd.beauty\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 31 Aug 2025 04:09:10 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Fri, 19 Jan 2024 14:19:43 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"65aa84ff-1d9a\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=o6kuOLZch5Mg4FhahPj5PYfZsWKIKAKY%2BCj%2BW863HDnJ%2BxyHI6u8Iv6T13ebt%2BM3Znu7UFZ26s6wNCogxOCmYijsGSagokaiCtNNkfnO\"}]}\r\ncf-ray: 9779abbef8e656c1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":7578,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"98090679cdc97734c4911d7995d7a560","sha1":"50616bcd7ea8829649ce87ccf771dcc60ad20d8d","sha256":"985576dbd564299199b75f1e108e7808324c3549692fe41a04aa32b85a1f727a","sha512":"a3ff81836af5a5c150d064a8f55d3604c48a68d366a61096a05cde2f5ff3a3bfd0dde4e10f66c06b168573390c5fe11375d9b53afd0ba0bf8e99b8cfef6c35ac","ssdeep":"192:2arMX5EtHh9HhZzJJxMX5jMPBR0hJWsGZPhHG0b26zSSfJl00LApicS:fMXkzJnMXJM762ijm","tlshash":"98f1dd9b6b371604b407e4aa2f6a2b4727244017960fed247fcd724c8fc52e8d5a278b","first_seen":"2024-09-11T20:57:23Z","last_seen":"2026-04-12T05:56:34.369984Z","times_seen":639,"resource_available":false,"data":null}},"time_used":584,"timings":{"blocked":49,"dns":21,"connect":3,"send":0,"wait":485,"receive":0,"ssl":21},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"arxnxxxxxxhd.beauty/static/v6/css/style.css?v=5","fqdn":"arxnxxxxxxhd.beauty","domain":"arxnxxxxxxhd.beauty","tld":"beauty"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:03.170Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"arxnxxxxxxhd.beauty","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 30 Aug 2025 15:42:47 GMT","end":"Fri, 28 Nov 2025 16:41:26 GMT"},"fingerprint":{"sha1":"6B:9D:6F:FA:D9:94:E6:8D:60:EE:F2:36:43:3D:E7:1C:21:44:74:24","sha256":"02:73:17:48:67:5E:6E:D2:7F:25:89:F2:8C:6F:3B:B7:4B:AC:7B:1A:29:D3:67:DC:00:89:4C:4D:D4:2E:64:ED"}}},"request":{"raw":"GET /static/v6/css/style.css?v=5 HTTP/1.1\r\nHost: arxnxxxxxxhd.beauty\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 Aug 2025 04:09:03 GMT\r\ncontent-type: text/css\r\ncontent-length: 3240\r\ncache-control: public, max-age=604800\r\nexpires: Sat, 06 Sep 2025 22:26:34 GMT\r\nlast-modified: Sat, 23 Nov 2024 23:20:00 GMT\r\netag: \"3eb5-67426320-cfb267c110883b01;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nx-powered-by: PleskLin\r\naccess-control-allow-origin: *\r\nx-turbo-charged-by: LiteSpeed\r\nage: 20548\r\ncf-cache-status: HIT\r\npriority: u=2,i=?0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=nyIlxYJRMYeUp3J2sbKy8qwrENPoWIgPvSifXOZ8hFKFW0BjzWWDnYph8Hv1W7mZerje9OegEbtPej7UYQxvJaR%2FZCoRsJvSvIZw1LOoN2FV\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9779ab92bce356b4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":16053,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (16053), with no line terminators","md5":"65998424f176219fd3a57b076f83b36b","sha1":"df9c8d0ac54cf9316493b9233d26bf3ebb6bd106","sha256":"7f2e454e99297acad6e3541b90b3d8d78c47b6cc2e2275a9d6a420256330edac","sha512":"725ebba6982c172ced30fdddcbacfccbd31a1ab371c658a0ac59ba5cdbbc0ddf1a5418f91eb003e98c915bca381d08dcb2cdf06305b7c9dedc435a3580b56a7e","ssdeep":"384:ZgOx/v8QJujQj1uSPuOe/QnNEQq5OlgDpQ+o5en50ackD+:+4wQnNK5OqDpQ+o5U50ackD+","tlshash":"d17271338251221db52bd9282bd4738e3228d027f51317fdf9677625c28b59b1bb3b89","first_seen":"2025-02-07T06:28:23.107205Z","last_seen":"2026-05-27T15:38:43.616452Z","times_seen":697,"resource_available":false,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":11,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"arxnxxxxxxhd.beauty/storage/thumb/29/%D8%B7%D9%85%D9%88%D8%AD-%D8%B1%D8%A7%D9%8A%D9%84%D9%8A-%D8%B1%D9%8A%D8%AF-%D8%A7%D9%84%D8%A7.jpg","fqdn":"arxnxxxxxxhd.beauty","domain":"arxnxxxxxxhd.beauty","tld":"beauty"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:03.192Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"arxnxxxxxxhd.beauty","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 30 Aug 2025 15:42:47 GMT","end":"Fri, 28 Nov 2025 16:41:26 GMT"},"fingerprint":{"sha1":"6B:9D:6F:FA:D9:94:E6:8D:60:EE:F2:36:43:3D:E7:1C:21:44:74:24","sha256":"02:73:17:48:67:5E:6E:D2:7F:25:89:F2:8C:6F:3B:B7:4B:AC:7B:1A:29:D3:67:DC:00:89:4C:4D:D4:2E:64:ED"}}},"request":{"raw":"GET /storage/thumb/29/%D8%B7%D9%85%D9%88%D8%AD-%D8%B1%D8%A7%D9%8A%D9%84%D9%8A-%D8%B1%D9%8A%D8%AF-%D8%A7%D9%84%D8%A7.jpg HTTP/1.1\r\nHost: arxnxxxxxxhd.beauty\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 Aug 2025 04:09:03 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 14885\r\ncache-control: public, max-age=31536000\r\nexpires: Sun, 07 Sep 2025 04:09:03 GMT\r\nlast-modified: Mon, 21 Apr 2025 09:38:02 GMT\r\netag: \"3a25-680611fa-1ffef87439666166;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-powered-by: PleskLin\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=zYyrhsV0TYOzrZnGiv2mFV3qWOB%2BzxIbQtcNtD3JABWkci54qsDhcSZmANWqeiTe%2BDD4fGLUuJd6kgK%2F9vpyu3qg8RpZA%2FlEsYQThoFyP53O\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9779ab92ccff56b4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14885,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x225, components 3","md5":"c589e9cd23e4425536ce283488d1dca8","sha1":"b045b1537f7601c8b66ef8d283d4e89335152244","sha256":"753f8378009b6bdcef739a428ee343d95f0e369515afe1ffb7c534b3c0e3ff75","sha512":"d46bb5121af217f43b42058dadcb893feab3b0b6ba91251365602ee2fd30ac5a07354a1fbbc9659a4d8c653e2710cfbab18e7bd5bb2ee4254ed7d13c3a8ff9f7","ssdeep":"384:/8Y8CeWoUaXd7FGttHM4C0YzJdOTrGwp97ePF0NKsZjpg:/8OCjdx0Kpt8TCw/+F0NK7","tlshash":"8262c0113bfb819fedc6bc3666d6d124acb00402bca75db4b20da25647a735b14b98b3","first_seen":"2025-06-11T04:19:23.989018Z","last_seen":"2026-02-01T06:42:59.13157Z","times_seen":12,"resource_available":false,"data":null}},"time_used":81,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":60,"receive":21,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sixdespise.com/06/e7/77/06e777928c158d50c569544daf7510b7.js","fqdn":"sixdespise.com","domain":"sixdespise.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:03.197Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sixdespise.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 Aug 2025 21:18:16 GMT","end":"Thu, 27 Nov 2025 21:18:15 GMT"},"fingerprint":{"sha1":"63:7A:2E:0D:01:1D:43:69:FB:81:B2:C4:B0:61:32:C6:2F:EE:19:49","sha256":"0A:FD:EF:AC:F0:50:31:FC:66:10:2F:B3:22:51:4F:85:42:34:1F:1B:9B:D9:51:E4:C9:53:3E:9D:7B:21:B8:37"}}},"request":{"raw":"GET /06/e7/77/06e777928c158d50c569544daf7510b7.js HTTP/1.1\r\nHost: sixdespise.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Sun, 31 Aug 2025 04:09:03 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 29327\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: sixdespise.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 3187049f7002612bd2a789bef064de69\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":72570,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"fe4542dbe2ea67edf66c1def6d235ebd","sha1":"e91739cd30417b70c5a2c43e28050950a6590ed3","sha256":"7fed29cfc85bd35dbe8ac20f2da05a7e5f4079c13c6037f3a47bee22ba2d0cde","sha512":"5415fe6430f1f8cbf0dfc79f4b0cae48e5cd5138bd6741f66bc620cc9abd8f042d5746cf93a0ff427defe6953b3db7562baf0efea4176126dbba24c84a106592","ssdeep":"768:Y2WfYsmKjjqw648+QhS8u+Jcj/XcdNjN3mOdY08kUbTehzbcepw6f:Y2Wf7Q4x5O+jvc7dY0U3fE","tlshash":"1263c7483f51b27802e6b8fa712fa61af0265c1195d8e0d8f503f4deae66719f036f25","first_seen":"2025-08-28T23:04:51.330105Z","last_seen":"2025-08-31T04:09:32.421397Z","times_seen":2,"resource_available":true,"data":null}},"time_used":784,"timings":{"blocked":274,"dns":27,"connect":93,"send":0,"wait":98,"receive":94,"ssl":196},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-31","alert":"Sinkholed","trigger":"sixdespise.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"badlandlispyippee.com/get/2057407?id=2057407\u0026jp=_clmipbiihszdvsouimujba\u0026dr=49\u0026cuaa=2\u0026nojs=0\u0026bavar=0\u0026febuild=1.0.578-st\u0026t=0\u0026wcks=1\u0026wgl=1\u0026cnvs=1\u0026os=0\u0026tz=UTC\u0026ss=1\u0026ls=1\u0026bb=0\u0026cti=0\u0026fn=3\u0026es=13\u0026ge=2\u0026th=P-jWTT3vk\u0026plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF\u0026lang=en-US\u0026pf=Win32\u0026cd=24\u0026vcv=Mesa\u0026vcn=llvmpipe\u0026ix=0\u0026x=1280\u0026y=1024\u0026md=0\u0026psu=bLFEUIqaHR0cHM6Ly9hcnhueHh4eHh4aGQuYmVhdXR5Lw\u0026afid=2929871179234816\u0026eclog=0\u0026snc=0\u0026ssc=1\u0026vp=0\u0026dto=2\u0026im=1\u0026noch=1\u0026cs=5\u0026uf=0","fqdn":"badlandlispyippee.com","domain":"badlandlispyippee.com","tld":"com"},"ip":{"addr":"94.242.247.35","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:04.234Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"badlandlispyippee.com","organization":""},"issuer":{"commonName":"WR1","organization":"Google Trust Services"},"validity":{"start":"Sat, 09 Aug 2025 14:34:15 GMT","end":"Fri, 07 Nov 2025 14:34:14 GMT"},"fingerprint":{"sha1":"DF:E4:30:5E:8F:8F:0C:5A:39:BE:D0:DB:C9:EC:3F:3A:32:2D:2B:A2","sha256":"12:B3:44:4D:46:2F:A0:BD:8E:7F:F5:DA:05:A3:36:B0:FA:31:03:4C:78:0B:E4:4C:15:45:32:53:04:4F:11:23"}}},"request":{"raw":"GET /get/2057407?id=2057407\u0026jp=_clmipbiihszdvsouimujba\u0026dr=49\u0026cuaa=2\u0026nojs=0\u0026bavar=0\u0026febuild=1.0.578-st\u0026t=0\u0026wcks=1\u0026wgl=1\u0026cnvs=1\u0026os=0\u0026tz=UTC\u0026ss=1\u0026ls=1\u0026bb=0\u0026cti=0\u0026fn=3\u0026es=13\u0026ge=2\u0026th=P-jWTT3vk\u0026plu=PDF%20Viewer::Chrome%20PDF%20Viewer::Chromium%20PDF%20Viewer::Microsoft%20Edge%20PDF%20Viewer::WebKit%20built-in%20PDF\u0026lang=en-US\u0026pf=Win32\u0026cd=24\u0026vcv=Mesa\u0026vcn=llvmpipe\u0026ix=0\u0026x=1280\u0026y=1024\u0026md=0\u0026psu=bLFEUIqaHR0cHM6Ly9hcnhueHh4eHh4aGQuYmVhdXR5Lw\u0026afid=2929871179234816\u0026eclog=0\u0026snc=0\u0026ssc=1\u0026vp=0\u0026dto=2\u0026im=1\u0026noch=1\u0026cs=5\u0026uf=0 HTTP/1.1\r\nHost: badlandlispyippee.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nCookie: cart=1; cart_p=2\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 31 Aug 2025 04:09:04 GMT\r\ncontent-type: text/javascript; charset=utf-8\r\nvary: Accept-Encoding\r\nx-route-id: config\r\nset-cookie: UID=25083023094d345a2b6abf4ef2be6e6444a4; Path=/; Expires=Sun, 04 Oct 2026 04:09:04 GMT; Secure; SameSite=None\nCHCK=1; Path=/; Expires=Sun, 04 Oct 2026 04:09:04 GMT; Secure; SameSite=None\nPTS=; Path=/; Expires=Sun, 04 Oct 2026 04:09:04 GMT; Secure; SameSite=None\r\ncontent-encoding: gzip\r\ntiming-allow-origin: *\r\naccept-ch: sec-ch-ua-wow64,sec-ch-ua-full-version-list,sec-ch-ua,sec-ch-ua-platform,sec-ch-ua-mobile,sec-ch-ua-full-version,sec-ch-ua-platform-version,sec-ch-ua-arch,sec-ch-ua-bitness,sec-ch-ua-model,sec-ch-width,sec-ch-viewport-width,sec-ch-viewport-height,sec-ch-dpr,sec-ch-device-memory,sec-ch-rtt,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":3389,"size_decoded":0,"mime_type":"text/javascript; charset=utf-8","magic":"ASCII text, with very long lines (3389), with no line terminators","md5":"21e5bd1d7bae6e586d8dfc11e75f7a33","sha1":"df1c8b1828a99d17ec8019ea30e91c70d54aa557","sha256":"3e5e6ab586eba4cb3de2da1b15c86a60c5985fd9d0566d482ccb2d81db27ed76","sha512":"ed8caeceb8ef2f2fb2cd8be739cf1c9191113f43fbc41f6adf5bc23cd29caa3408ee2aa0f149f3975fe9c2f364e3be2f66f2b8a9116963a138deb63180d43ceb","ssdeep":"","tlshash":"706184e5840bc9d09089e8cfb63e0f38b0405bd560b79a155d68deee66110fcebb3951","first_seen":"2025-08-31T04:09:32.423791Z","last_seen":"2025-08-31T04:09:32.423791Z","times_seen":1,"resource_available":true,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sixdespise.com/sbar.json?key=06e777928c158d50c569544daf7510b7\u0026uuid=fed922be-7416-4981-8056-05c8ad9237da%3A1%3A1","fqdn":"sixdespise.com","domain":"sixdespise.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:09.263Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sixdespise.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 Aug 2025 21:18:16 GMT","end":"Thu, 27 Nov 2025 21:18:15 GMT"},"fingerprint":{"sha1":"63:7A:2E:0D:01:1D:43:69:FB:81:B2:C4:B0:61:32:C6:2F:EE:19:49","sha256":"0A:FD:EF:AC:F0:50:31:FC:66:10:2F:B3:22:51:4F:85:42:34:1F:1B:9B:D9:51:E4:C9:53:3E:9D:7B:21:B8:37"}}},"request":{"raw":"GET /sbar.json?key=06e777928c158d50c569544daf7510b7\u0026uuid=fed922be-7416-4981-8056-05c8ad9237da%3A1%3A1 HTTP/1.1\r\nHost: sixdespise.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://arxnxxxxxxhd.beauty\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Sun, 31 Aug 2025 04:09:09 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 4661\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nAccess-Control-Allow-Origin: https://arxnxxxxxxhd.beauty\r\nAccess-Control-Allow-Credentials: true\r\nVary: Accept-Encoding\r\nSet-Cookie: uid_id2=fed922be-7416-4981-8056-05c8ad9237da:1:1; expires=Sun, 07 Sep 2025 04:09:09 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Mon, 01 Sep 2025 04:09:09 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Mon, 01 Sep 2025 04:09:09 GMT; path=/; secure; SameSite=None\npdhtkv29=true; expires=Mon, 01 Sep 2025 04:09:09 GMT; path=/; secure; SameSite=None\nuncs29=1; expires=Mon, 01 Sep 2025 04:09:09 GMT; path=/; secure; SameSite=None\nu_pl25746648=1; expires=Mon, 01 Sep 2025 04:09:09 GMT; path=/; secure; SameSite=None\nslec06e777928c158d50c569544daf7510b7=[6116560]; expires=Sun, 31 Aug 2025 04:09:14 GMT; path=/; secure; SameSite=None\r\nHost: sixdespise.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: f8a9b56e377a3d2702a5898860c6b001\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6323,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JSON text data","md5":"4879090e3b82c17965b2ba1ee13a568c","sha1":"b6c3b14ea97f8b67f52d0c5ff0ca601ee0232683","sha256":"09832850794b632a7202ba4d15ff9931738c4287e9fb1acaf39079c4bc768098","sha512":"b6d4468eeae71e01831cc27b5110ddfd87cc935777a830f1ee5151f355f232330c4db8e27f8e3e8d3947c01d3ed0998e17e417b9e7bcc62970d7221f6b56e6d1","ssdeep":"96:9z2s4Xbztc/aaNiXO4M1tbUfTq5pEuIzbh+bCbYUjxjws3HnJy4lL9czR:9z2s4Xb6/6X/iERuIz7EUjx9py4l9czR","tlshash":"8fd19efb91c029c65462864c7c67df6d4fe2f46ee0221ebdc23e826ee0545ca3a05072","first_seen":"2025-08-31T04:09:32.426094Z","last_seen":"2025-08-31T04:09:32.426094Z","times_seen":1,"resource_available":false,"data":null}},"time_used":320,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":319,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-31","alert":"Sinkholed","trigger":"sixdespise.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/si/4b/75/3b/4b753b437ff8f56901e837fea0e6bca359fe1e90bff265f8a8bfba1802d37813.png","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.1","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:10.301Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R11","organization":"Let's Encrypt"},"validity":{"start":"Thu, 10 Jul 2025 02:33:11 GMT","end":"Wed, 08 Oct 2025 02:33:10 GMT"},"fingerprint":{"sha1":"06:D8:07:0F:AB:BF:D8:7F:C5:38:82:AC:A7:8A:20:4D:83:6C:EA:C9","sha256":"CF:05:58:46:C3:07:3F:B6:A6:8D:42:F2:3B:3D:91:36:93:10:CB:D5:89:47:A3:62:26:D2:F3:BA:AC:51:0E:B7"}}},"request":{"raw":"GET /si/4b/75/3b/4b753b437ff8f56901e837fea0e6bca359fe1e90bff265f8a8bfba1802d37813.png HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 31 Aug 2025 04:09:10 GMT\r\ncontent-type: image/png\r\ncontent-length: 6423\r\nserver: nginx/1.21.6\r\nlast-modified: Fri, 15 Aug 2025 01:09:01 GMT\r\netag: \"689e88ad-1917\"\r\nexpires: Tue, 02 Sep 2025 04:09:10 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: ah0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6423,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 192x192, components 3","md5":"d8f143c53ef89fe568fb4f86eaaadd76","sha1":"57435a41ae46252e83eaa425e86c8d004fc82287","sha256":"2939c9713939fc59e054d5101edbb46015515ea52bd362372aeb6475d0a67a26","sha512":"1344497a4e548bea8882be8acbb9384fa7dcc15e31194cc670622945ba95d60825d069dffb2d3cd3a659c21df65909b3780e377c55202560be35db2aec41b680","ssdeep":"96:IElbw+iukgvhR4EpfmZe4iM/B+bNpqt9TJu5FY67pz97OPhk7fIOA+e1vRvzo:9wtwRfunBKMt9eY2pz9qa6RZvE","tlshash":"73d18e4a94192ba1ee9a49f8e8d73f03d22876716e66b63420830cfdbb12dfc4144741","first_seen":"2025-08-15T07:53:25.315072Z","last_seen":"2025-12-22T04:22:03.419479Z","times_seen":1333,"resource_available":false,"data":null}},"time_used":203,"timings":{"blocked":91,"dns":46,"connect":19,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:11.206Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 11 Aug 2025 19:22:25 GMT","end":"Mon, 03 Nov 2025 19:22:24 GMT"},"fingerprint":{"sha1":"F5:9E:5D:EB:46:9B:ED:9F:D2:D7:E8:D1:06:43:DF:9D:0C:13:7E:75","sha256":"AA:C4:C0:AF:38:AE:91:75:3F:86:CE:32:70:A9:8F:C4:2F:7F:D2:28:D1:34:AD:0A:C8:E2:6C:6E:4D:46:72:23"}}},"request":{"raw":"GET /s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://arxnxxxxxxhd.beauty\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 29 Aug 2025 11:06:50 GMT\r\nexpires: Sat, 29 Aug 2026 11:06:50 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Thu, 29 May 2025 23:30:55 GMT\r\ncontent-type: font/woff2\r\nage: 147741\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-05-31T17:30:49.938216Z","times_seen":858713,"resource_available":false,"data":null}},"time_used":315,"timings":{"blocked":151,"dns":35,"connect":20,"send":0,"wait":8,"receive":4,"ssl":92},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"arxnxxxxxxhd.beauty/storage/thumb/29/%D9%85%D9%8A%D8%A7-%D8%AE%D9%84%D9%8A%D9%81%D8%A9-%D9%81%D8%A7%D8%AA%D9%86%D8%A9-%D8%B9%D8%B1.jpg","fqdn":"arxnxxxxxxhd.beauty","domain":"arxnxxxxxxhd.beauty","tld":"beauty"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:03.194Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"arxnxxxxxxhd.beauty","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 30 Aug 2025 15:42:47 GMT","end":"Fri, 28 Nov 2025 16:41:26 GMT"},"fingerprint":{"sha1":"6B:9D:6F:FA:D9:94:E6:8D:60:EE:F2:36:43:3D:E7:1C:21:44:74:24","sha256":"02:73:17:48:67:5E:6E:D2:7F:25:89:F2:8C:6F:3B:B7:4B:AC:7B:1A:29:D3:67:DC:00:89:4C:4D:D4:2E:64:ED"}}},"request":{"raw":"GET /storage/thumb/29/%D9%85%D9%8A%D8%A7-%D8%AE%D9%84%D9%8A%D9%81%D8%A9-%D9%81%D8%A7%D8%AA%D9%86%D8%A9-%D8%B9%D8%B1.jpg HTTP/1.1\r\nHost: arxnxxxxxxhd.beauty\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 Aug 2025 04:09:03 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 12372\r\ncache-control: public, max-age=31536000\r\nexpires: Sun, 07 Sep 2025 04:09:03 GMT\r\nlast-modified: Sun, 20 Apr 2025 19:08:01 GMT\r\netag: \"3054-68054611-ee15128b3d7e8911;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-powered-by: PleskLin\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PesnzO0MYmwslW0a7iUxjor7l7LU5eZDmzKaDbRmlMZyck%2BE1ySORxXQyv51IdcgtI2j9MyWv1h%2Fr%2Bo9uo1LiCsh3n97B67knM41MY8eA7%2B4\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9779ab92cd0556b4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":12372,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x225, components 3","md5":"59c7044e63e45d5a268db41f6bf68c74","sha1":"8a2f898d43d5eeebbd5c37af66ac8efed3f59b2b","sha256":"b891593966b17c1f9c53774540d1519e399d4cfcfae551f6767838e20484a9e4","sha512":"45ebcff18eb56f1919478c619e26be5b96e4a20e3d1f62578e8807eebff06cd5c7542cddc54044785d3903d8e0ffd413e3bb860b8e48334ca2880ddfb7d32400","ssdeep":"384:/8M9drN38muIwyQsf9Zw3rvrSZHPuVe884zLljag9t:/8o52yJfc3DCN8vLXf","tlshash":"4442d15ccad50134edf01074987ae3d9423263f9f820637a6e819e6468b58c7ce2c9de","first_seen":"2025-06-11T04:19:23.945843Z","last_seen":"2026-02-01T06:42:59.146156Z","times_seen":12,"resource_available":false,"data":null}},"time_used":66,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":66,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"skinnycrawlinglax.com/pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=854\u0026rd=854\u0026fd=551\u0026bv=25.8.5278\u0026tmpl=136","fqdn":"skinnycrawlinglax.com","domain":"skinnycrawlinglax.com","tld":"com"},"ip":{"addr":"192.243.61.227","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:03.717Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"skinnycrawlinglax.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:00:34 GMT","end":"Tue, 25 Nov 2025 22:00:33 GMT"},"fingerprint":{"sha1":"FC:5B:24:E2:ED:A9:65:69:CA:97:74:44:F8:E9:93:1A:50:E7:73:C1","sha256":"26:1B:F8:72:30:B2:C4:49:6A:2E:E7:A5:FC:26:35:74:02:CB:56:D1:F7:7E:A5:5E:89:65:A9:B4:1F:1F:DB:8F"}}},"request":{"raw":"GET /pixel/purst?dl=0\u0026th=0\u0026sc=0\u0026rs=854\u0026rd=854\u0026fd=551\u0026bv=25.8.5278\u0026tmpl=136 HTTP/1.1\r\nHost: skinnycrawlinglax.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 31 Aug 2025 04:09:04 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: skinnycrawlinglax.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-31T17:30:56.233389Z","times_seen":15970160,"resource_available":true,"data":null}},"time_used":649,"timings":{"blocked":277,"dns":1,"connect":91,"send":0,"wait":93,"receive":0,"ssl":184},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-31","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"frozenassumption.com/Ya2bx-p.ZdWe5f0gZ_GiFj0kYlT-9nyocpmql_ksPtTuBvj-Yxjycz2AM_TCkD4EMFm-YHyIMJ2KI_5MYNTOUP3-YRjSNTjUZ_DWFXhYYZW-Qb3cMdzel_mgNhDiYj3-","fqdn":"frozenassumption.com","domain":"frozenassumption.com","tld":"com"},"ip":{"addr":"88.85.69.211","port":443,"asn":35415,"as":"Webzilla B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:04.141Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"frozenassumption.com","organization":""},"issuer":{"commonName":"E6","organization":"Let's Encrypt"},"validity":{"start":"Thu, 07 Aug 2025 16:04:09 GMT","end":"Wed, 05 Nov 2025 16:04:08 GMT"},"fingerprint":{"sha1":"BE:1E:1C:A1:30:81:60:7C:8F:22:23:68:63:AB:95:28:B6:42:9C:2A","sha256":"1D:CB:F9:EC:D0:E1:42:F8:97:69:F0:D9:31:18:DB:A1:9F:75:BD:0D:F3:16:EB:65:38:E3:57:BF:E2:B6:F0:D8"}}},"request":{"raw":"POST /Ya2bx-p.ZdWe5f0gZ_GiFj0kYlT-9nyocpmql_ksPtTuBvj-Yxjycz2AM_TCkD4EMFm-YHyIMJ2KI_5MYNTOUP3-YRjSNTjUZ_DWFXhYYZW-Qb3cMdzel_mgNhDiYj3- HTTP/1.1\r\nHost: frozenassumption.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 49\r\nOrigin: https://arxnxxxxxxhd.beauty\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sun, 31 Aug 2025 04:09:04 GMT\r\ncontent-length: 0\r\npragma: no-cache\r\naccept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-WoW64\r\nexpires: Mon, 26 Jul 2011 05:00:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-31T17:30:56.233389Z","times_seen":15970160,"resource_available":true,"data":null}},"time_used":20,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-31","alert":"Sinkholed","trigger":"frozenassumption.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"skinnycrawlinglax.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fau%2Fd3%2F55%2Ffb%2Fd355fb06fa4f4907609b7d285fa07f7a%2F1664530003.html\u0026l=1175\u0026fd=534","fqdn":"skinnycrawlinglax.com","domain":"skinnycrawlinglax.com","tld":"com"},"ip":{"addr":"192.243.61.227","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:10.178Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"skinnycrawlinglax.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 22:00:34 GMT","end":"Tue, 25 Nov 2025 22:00:33 GMT"},"fingerprint":{"sha1":"FC:5B:24:E2:ED:A9:65:69:CA:97:74:44:F8:E9:93:1A:50:E7:73:C1","sha256":"26:1B:F8:72:30:B2:C4:49:6A:2E:E7:A5:FC:26:35:74:02:CB:56:D1:F7:7E:A5:5E:89:65:A9:B4:1F:1F:DB:8F"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-sb.com%2Fsb%2Fau%2Fd3%2F55%2Ffb%2Fd355fb06fa4f4907609b7d285fa07f7a%2F1664530003.html\u0026l=1175\u0026fd=534 HTTP/1.1\r\nHost: skinnycrawlinglax.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 31 Aug 2025 04:09:10 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: skinnycrawlinglax.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-31T17:30:56.233389Z","times_seen":15970160,"resource_available":true,"data":null}},"time_used":93,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":92,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-31","alert":"Sinkholed","trigger":"skinnycrawlinglax.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.agonizingfollowing.pro/ecc874/76933aaeb4e4.js","fqdn":"www.agonizingfollowing.pro","domain":"agonizingfollowing.pro","tld":"pro"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:04.139Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"www.agonizingfollowing.pro","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Wed, 27 Aug 2025 07:03:15 GMT","end":"Tue, 25 Nov 2025 07:03:14 GMT"},"fingerprint":{"sha1":"66:D3:A7:75:CD:3D:AA:D7:D1:E8:78:41:D5:E7:F4:3A:6E:58:34:49","sha256":"4E:E3:8D:86:49:E2:51:5B:3B:6C:5D:84:FC:56:5D:AF:6C:05:F8:1C:17:0E:1B:3D:6F:5C:F1:17:4E:EF:89:B6"}}},"request":{"raw":"GET /ecc874/76933aaeb4e4.js HTTP/1.1\r\nHost: www.agonizingfollowing.pro\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-type: text/plain\r\nOrigin: https://arxnxxxxxxhd.beauty\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 31 Aug 2025 04:09:04 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nserver: nginx\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET\r\naccess-control-allow-headers: Content-Type\r\ncache-control: max-age=172800\r\ncontent-encoding: gzip\r\nexpires: Tue, 02 Sep 2025 04:09:04 GMT\r\nx-cdn-host-id: ah0543\r\nx-proxy-cache: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":103684,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65533), with no line terminators","md5":"6293d815538c521cd012122a8aeef7cf","sha1":"a34effed6f46c76f1b59d20067f9b36a6985701c","sha256":"59d93166156c99afef2344f4883377144608b6c996b9b0a16856a0018efd60f1","sha512":"f22f4706029b2dc11b1b623660299e71714d3a7b576a0f884d3f46a3951a77e5e17aec315a76a1b9fbf612cea95e75d66ef6c0b74307091aa90b12e7e1fd07d1","ssdeep":"1536:rM+iZ3YOYuyx6PUQwRxcs8P3nhkQ8vL7T7Q6eGozzwVEnHzHRbPvz:OijxEQq3P5Enne9zkWHLR","tlshash":"82a33461350b64fd2ad0c1e7eb6720886c295810e469cca1ecd1e7c7d6eb8e3429b5f7","first_seen":"2025-08-27T09:40:31.125157Z","last_seen":"2025-09-03T07:51:18.083389Z","times_seen":171,"resource_available":true,"data":null}},"time_used":181,"timings":{"blocked":70,"dns":26,"connect":19,"send":0,"wait":37,"receive":0,"ssl":26},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"flushpersist.com/pxf.gif?uuid=fed922be-7416-4981-8056-05c8ad9237da\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=06e777928c158d50c569544daf7510b7\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=4","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"192.243.59.20","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:04.658Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flushpersist.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 30 Aug 2025 21:53:17 GMT","end":"Fri, 28 Nov 2025 21:53:16 GMT"},"fingerprint":{"sha1":"AA:2A:FC:C2:EE:01:8F:55:3F:19:46:84:4A:C8:A0:95:62:50:5C:A3","sha256":"3D:8C:1A:2E:1F:32:30:D4:D8:4F:D2:FB:CC:99:F1:9C:05:E5:7B:D8:9D:7D:24:86:AD:C5:1E:62:55:44:A4:CA"}}},"request":{"raw":"GET /pxf.gif?uuid=fed922be-7416-4981-8056-05c8ad9237da\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=06e777928c158d50c569544daf7510b7\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=4 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Sun, 31 Aug 2025 04:09:05 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 7daa2ca9743c44447985ee0c801b7b13\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-31T17:30:56.233389Z","times_seen":15970160,"resource_available":true,"data":null}},"time_used":728,"timings":{"blocked":315,"dns":34,"connect":92,"send":0,"wait":96,"receive":0,"ssl":186},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Roboto:300,400,700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:10.297Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 11 Aug 2025 19:22:25 GMT","end":"Mon, 03 Nov 2025 19:22:24 GMT"},"fingerprint":{"sha1":"05:AF:87:21:D4:6B:A6:86:ED:A7:D2:07:92:06:E4:D4:79:84:27:E8","sha256":"F6:EC:75:67:99:66:34:CC:0C:0F:9D:D7:8B:6A:04:94:98:0C:7B:B5:47:E2:47:37:A6:F8:E2:08:99:72:AB:BE"}}},"request":{"raw":"GET /css?family=Roboto:300,400,700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sun, 31 Aug 2025 04:09:10 GMT\r\ndate: Sun, 31 Aug 2025 04:09:10 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16755,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"e9d2e14beb088f37fae98294940a9dcd","sha1":"1dafc3c55550249c8c2d782d5616c7b445c8e005","sha256":"f2e491cc46d3fcba81f729065d622bd722751d4a2e7f80b479aa64a92c17b5c7","sha512":"64025ea9b660d5e1d45a593a27345e152ba6b5ef95daceee5e43201319a555eb5457cfe1ecdcc725202063a22c5f406f3ba4607863d5b714c378f144bcdea5f7","ssdeep":"384:pjf5jgjPjrjyUj/qY4+j4jYjpjfMj1jWj6jyhj/qY4XjNjtj4jfdjkjDj3jyQj/E:p90DXOU/R08toBy+Oh/EBpcZwPLOQ/VK","tlshash":"e5722291041740009b835ce223cebf35fe1f92117152d0b5abfd9b6badcbc66526939d","first_seen":"2025-06-02T17:27:24.212334Z","last_seen":"2026-01-19T16:22:17.33804Z","times_seen":5482,"resource_available":false,"data":null}},"time_used":256,"timings":{"blocked":111,"dns":0,"connect":20,"send":0,"wait":33,"receive":0,"ssl":89},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"arxnxxxxxxhd.beauty/storage/thumb/29/%D8%A7%D8%AE%D8%AA-%D8%A7%D9%84%D8%B2%D9%88%D8%AC%D8%A9-%D8%A7%D9%84%D9%83%D8%A8%D9%8A%D8%B1.jpg","fqdn":"arxnxxxxxxhd.beauty","domain":"arxnxxxxxxhd.beauty","tld":"beauty"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:03.176Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"arxnxxxxxxhd.beauty","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 30 Aug 2025 15:42:47 GMT","end":"Fri, 28 Nov 2025 16:41:26 GMT"},"fingerprint":{"sha1":"6B:9D:6F:FA:D9:94:E6:8D:60:EE:F2:36:43:3D:E7:1C:21:44:74:24","sha256":"02:73:17:48:67:5E:6E:D2:7F:25:89:F2:8C:6F:3B:B7:4B:AC:7B:1A:29:D3:67:DC:00:89:4C:4D:D4:2E:64:ED"}}},"request":{"raw":"GET /storage/thumb/29/%D8%A7%D8%AE%D8%AA-%D8%A7%D9%84%D8%B2%D9%88%D8%AC%D8%A9-%D8%A7%D9%84%D9%83%D8%A8%D9%8A%D8%B1.jpg HTTP/1.1\r\nHost: arxnxxxxxxhd.beauty\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 Aug 2025 04:09:03 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 16563\r\ncache-control: public, max-age=31536000\r\nexpires: Sun, 07 Sep 2025 04:09:03 GMT\r\nlast-modified: Fri, 25 Jul 2025 20:52:53 GMT\r\netag: \"40b3-6883eea5-679eda9c64a24cdd;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-powered-by: PleskLin\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=PGdm2%2FRpixg7fzST5c6yUX%2FbVU2SzzTD%2FAVP%2F053OAaFYY7oiHYi6XoyZLeRBYdbYvNCMmFDr1%2BYZJ4rp%2FMxh3arAxaJ7Zz69QcXuUTW2npd\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9779ab92bce656b4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]}],"data":{"size":16563,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x225, components 3","md5":"02f31421aece0312512f19f3aa58361c","sha1":"5041c5a299295e4e57543388a2086778cba9b919","sha256":"ad5b84fd3314a51a456927a6a616e32db1e5b05930a7fe4335628fe46c1b9045","sha512":"a09500ec590e2ad1988d09cd5cd22575d62238b115db82554a433ec0eb06a58455307519c932e4e38c7965cde0c78515968126c23a02e79bd27da69fcbfafd24","ssdeep":"384:/89FX7cCUJ5hdc1aIp8HuJzFdh3E+6iPGEfNJqoOFmnvdxlJaThsAnXK:/89BQf5hdc1Tp7dh3v6iNlcoO2xlcTLa","tlshash":"c372c0664417fa49f7d276a9c6520a70dcbf2cc3416211abd9c5be81698b09df0c12ec","first_seen":"2025-08-28T23:04:51.323095Z","last_seen":"2026-02-01T06:42:59.125076Z","times_seen":10,"resource_available":false,"data":null}},"time_used":38,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":36,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"arxnxxxxxxhd.beauty/storage/thumb/29/%D8%A7%D8%B0%D8%A7-%D9%86%D8%B8%D8%B1%D8%AA-%D8%B9%D9%86-%D9%82%D8%B1%D8%A8-%D9%8A%D9%85%D9%83.jpg","fqdn":"arxnxxxxxxhd.beauty","domain":"arxnxxxxxxhd.beauty","tld":"beauty"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:03.185Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"arxnxxxxxxhd.beauty","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 30 Aug 2025 15:42:47 GMT","end":"Fri, 28 Nov 2025 16:41:26 GMT"},"fingerprint":{"sha1":"6B:9D:6F:FA:D9:94:E6:8D:60:EE:F2:36:43:3D:E7:1C:21:44:74:24","sha256":"02:73:17:48:67:5E:6E:D2:7F:25:89:F2:8C:6F:3B:B7:4B:AC:7B:1A:29:D3:67:DC:00:89:4C:4D:D4:2E:64:ED"}}},"request":{"raw":"GET /storage/thumb/29/%D8%A7%D8%B0%D8%A7-%D9%86%D8%B8%D8%B1%D8%AA-%D8%B9%D9%86-%D9%82%D8%B1%D8%A8-%D9%8A%D9%85%D9%83.jpg HTTP/1.1\r\nHost: arxnxxxxxxhd.beauty\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 Aug 2025 04:09:03 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 7344\r\ncache-control: public, max-age=31536000\r\nexpires: Sun, 07 Sep 2025 04:09:03 GMT\r\nlast-modified: Sun, 11 May 2025 02:54:56 GMT\r\netag: \"1cb0-68201180-115b2a80e7b7751d;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-powered-by: PleskLin\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TpjOFNRs407hXXSn7O3HqbYbe7A0hivZSIB7s1nEuJ6Ta3Waw4i2piai9r4EcqWRAObtVM5Y%2B89AW%2FkKFZnh7zmCEkDxJQPdgY%2FVWM%2FiWaXc\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9779ab92ccf456b4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":7344,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x225, components 3","md5":"3ce6b3ddbe112c9f5e73e67436f62768","sha1":"62db91a3ce4fb02511601be888c837a6094d0eb0","sha256":"4e68f0e13a193a588361506ad0d43dba6fb34542b3d1f236cb9055576f7728ed","sha512":"d3e349a670235552305e5ad510fb508b73aa7e0f57d1ded8e42079944e9fca12e118c538ab3d0e5cdfee41ceab52cbb7db08072f80f64573bed26f9dd89455f5","ssdeep":"192:/8iih9ePOAXIks8O4WDRLbrFSNJtlJU3dX7ueDF2R:/8jzePOzRDRLXFSRlJquF","tlshash":"c5e18d90d291db67f35603b113424621f3fd994d4bb7944f63e44c545af22e308bdd82","first_seen":"2025-06-11T04:19:24.015628Z","last_seen":"2026-02-01T06:42:59.141409Z","times_seen":12,"resource_available":false,"data":null}},"time_used":60,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":60,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"arxnxxxxxxhd.beauty/storage/thumb/29/%D9%83%D9%84-%D9%85%D8%A7-%D8%A7%D8%B1%D8%A7%D8%AF%D9%87-%D8%B1%D8%A7%D9%8A%D9%84%D9%8A-%D9%81.jpg","fqdn":"arxnxxxxxxhd.beauty","domain":"arxnxxxxxxhd.beauty","tld":"beauty"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:03.187Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"arxnxxxxxxhd.beauty","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 30 Aug 2025 15:42:47 GMT","end":"Fri, 28 Nov 2025 16:41:26 GMT"},"fingerprint":{"sha1":"6B:9D:6F:FA:D9:94:E6:8D:60:EE:F2:36:43:3D:E7:1C:21:44:74:24","sha256":"02:73:17:48:67:5E:6E:D2:7F:25:89:F2:8C:6F:3B:B7:4B:AC:7B:1A:29:D3:67:DC:00:89:4C:4D:D4:2E:64:ED"}}},"request":{"raw":"GET /storage/thumb/29/%D9%83%D9%84-%D9%85%D8%A7-%D8%A7%D8%B1%D8%A7%D8%AF%D9%87-%D8%B1%D8%A7%D9%8A%D9%84%D9%8A-%D9%81.jpg HTTP/1.1\r\nHost: arxnxxxxxxhd.beauty\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 Aug 2025 04:09:03 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 14261\r\ncache-control: public, max-age=31536000\r\nexpires: Sun, 07 Sep 2025 04:09:03 GMT\r\nlast-modified: Mon, 05 May 2025 13:32:53 GMT\r\netag: \"37b5-6818be05-387e3f8a0877264b;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-powered-by: PleskLin\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=JG5ZMmwAMX%2FUQxJ2iyScxk%2FoxmvcR9E4z8XtwZHGYStwzp43%2B2etI%2FJB2BTaZVfPkvhUNunuma7k1tYgqTeMr4fYzRaC%2FCpSfrYI3uikUiVa\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9779ab92ccf656b4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":14261,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x225, components 3","md5":"0948d76b66ad2cdd50371932687c2a10","sha1":"5212e50b9fad78dc37261bde3d0b48e2b416a03c","sha256":"186d09f62020dcbac10bae6dc2779e8a6ad6405ada34a90a432a6d5166ae0df1","sha512":"69efc0688bb00b3b2ebf5e11a51da6b23e330d215c9b4b18e40d6fc2216f9aff9984a1f89d53083f7b761745406d15a8fb4cbcad0d1c38e41b9c84607e4e9123","ssdeep":"384:/8YnLY6ZYT67PxdNYIotfdfTPA1jlmYS5BoS3:/8Kc66TIJYIyAg5KS3","tlshash":"0452c0f16f159e35d2ab36f356af74210707d90de3bd825f9d90f8288ea16e5404350d","first_seen":"2025-06-11T04:19:23.998572Z","last_seen":"2026-02-01T06:42:59.143057Z","times_seen":12,"resource_available":false,"data":null}},"time_used":91,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":67,"receive":24,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:11.202Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 11 Aug 2025 19:22:25 GMT","end":"Mon, 03 Nov 2025 19:22:24 GMT"},"fingerprint":{"sha1":"F5:9E:5D:EB:46:9B:ED:9F:D2:D7:E8:D1:06:43:DF:9D:0C:13:7E:75","sha256":"AA:C4:C0:AF:38:AE:91:75:3F:86:CE:32:70:A9:8F:C4:2F:7F:D2:28:D1:34:AD:0A:C8:E2:6C:6E:4D:46:72:23"}}},"request":{"raw":"GET /s/roboto/v48/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://arxnxxxxxxhd.beauty\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 29 Aug 2025 11:06:50 GMT\r\nexpires: Sat, 29 Aug 2026 11:06:50 GMT\r\ncache-control: public, max-age=31536000\r\nlast-modified: Thu, 29 May 2025 23:30:55 GMT\r\ncontent-type: font/woff2\r\nage: 147741\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-05-31T17:30:49.938216Z","times_seen":858713,"resource_available":false,"data":null}},"time_used":229,"timings":{"blocked":105,"dns":39,"connect":7,"send":0,"wait":8,"receive":10,"ssl":55},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"professionaltrafficmonitor.com/stats","fqdn":"professionaltrafficmonitor.com","domain":"professionaltrafficmonitor.com","tld":"com"},"ip":{"addr":"3.78.68.13","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:04.365Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"protrafficinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 01 Jul 2025 00:00:00 GMT","end":"Thu, 30 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"5D:D5:8D:EB:A4:50:13:0D:7C:33:71:82:B8:02:49:4F:D6:31:B6:E6","sha256":"49:03:4C:2C:1B:23:D8:D6:CB:AE:F0:54:61:99:C2:20:F4:FF:87:5E:0B:72:B1:6B:D8:AB:21:49:2D:F2:EC:4A"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: professionaltrafficmonitor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://arxnxxxxxxhd.beauty\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nCookie: uid_id2=fed922be-7416-4981-8056-05c8ad9237da:1:1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 31 Aug 2025 04:09:04 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://arxnxxxxxxhd.beauty\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"24ecff49b081ae8476a5eef8244ab424","sha1":"9badcb369b13b1e63fa51bfa87f7a1a815f861e5","sha256":"0db48ca6747a72de0e200ca33ddfa93f0b7c81ebeef1f5c43f7fd2133ca2ceee","sha512":"e5490b69fb932e38e5fb0c3606e78ea5f4ce3b125233b11c0e7ac0bfc57b3be33be948a54da96dd34df7332f0e03a184222db58a0b9f5dc2bfb16361cf30745c","ssdeep":"","tlshash":"21900401750505503f101d0cdd0fd70c344d11103000705530d14cc41f0743d4010431","first_seen":"2025-08-31T04:09:32.39769Z","last_seen":"2025-08-31T04:09:32.39769Z","times_seen":1,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":21,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"professionaltrafficmonitor.com/stats","fqdn":"professionaltrafficmonitor.com","domain":"professionaltrafficmonitor.com","tld":"com"},"ip":{"addr":"3.78.68.13","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:03.759Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"protrafficinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 01 Jul 2025 00:00:00 GMT","end":"Thu, 30 Jul 2026 23:59:59 GMT"},"fingerprint":{"sha1":"5D:D5:8D:EB:A4:50:13:0D:7C:33:71:82:B8:02:49:4F:D6:31:B6:E6","sha256":"49:03:4C:2C:1B:23:D8:D6:CB:AE:F0:54:61:99:C2:20:F4:FF:87:5E:0B:72:B1:6B:D8:AB:21:49:2D:F2:EC:4A"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: professionaltrafficmonitor.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://arxnxxxxxxhd.beauty\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sun, 31 Aug 2025 04:09:03 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://arxnxxxxxxhd.beauty\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=fed922be-7416-4981-8056-05c8ad9237da:1:1; expires=Wed, 29 Aug 2035 04:09:03 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"24ecff49b081ae8476a5eef8244ab424","sha1":"9badcb369b13b1e63fa51bfa87f7a1a815f861e5","sha256":"0db48ca6747a72de0e200ca33ddfa93f0b7c81ebeef1f5c43f7fd2133ca2ceee","sha512":"e5490b69fb932e38e5fb0c3606e78ea5f4ce3b125233b11c0e7ac0bfc57b3be33be948a54da96dd34df7332f0e03a184222db58a0b9f5dc2bfb16361cf30745c","ssdeep":"","tlshash":"21900401750505503f101d0cdd0fd70c344d11103000705530d14cc41f0743d4010431","first_seen":"2025-08-31T04:09:32.39769Z","last_seen":"2025-08-31T04:09:32.39769Z","times_seen":1,"resource_available":false,"data":null}},"time_used":190,"timings":{"blocked":83,"dns":1,"connect":21,"send":0,"wait":21,"receive":0,"ssl":61},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"weirdopt.com/ad/advertisers.js","fqdn":"weirdopt.com","domain":"weirdopt.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:03.944Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"weirdopt.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 31 Aug 2025 00:07:02 GMT","end":"Sat, 29 Nov 2025 00:07:01 GMT"},"fingerprint":{"sha1":"AD:4F:15:9E:60:62:A7:16:BA:4B:37:64:C6:01:6B:2B:99:47:89:BE","sha256":"44:74:EA:98:35:48:9C:28:63:20:61:17:18:F6:2B:0A:57:68:36:F4:EF:B0:67:1E:C0:7C:41:30:13:2C:02:F1"}}},"request":{"raw":"GET /ad/advertisers.js HTTP/1.1\r\nHost: weirdopt.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Sun, 31 Aug 2025 04:09:04 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 0\r\nConnection: keep-alive\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 920243b750a00986de719e33c0b2e055\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-31T17:30:56.233389Z","times_seen":15970160,"resource_available":true,"data":null}},"time_used":155,"timings":{"blocked":56,"dns":0,"connect":17,"send":0,"wait":17,"receive":23,"ssl":39},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-31","alert":"Sinkholed","trigger":"weirdopt.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sixdespise.com/35/1f/09/351f09f8163e80240a1747fd798e8282.js","fqdn":"sixdespise.com","domain":"sixdespise.com","tld":"com"},"ip":{"addr":"192.243.59.12","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"Dominica","country_code":"DM"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:03.173Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sixdespise.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 29 Aug 2025 21:18:16 GMT","end":"Thu, 27 Nov 2025 21:18:15 GMT"},"fingerprint":{"sha1":"63:7A:2E:0D:01:1D:43:69:FB:81:B2:C4:B0:61:32:C6:2F:EE:19:49","sha256":"0A:FD:EF:AC:F0:50:31:FC:66:10:2F:B3:22:51:4F:85:42:34:1F:1B:9B:D9:51:E4:C9:53:3E:9D:7B:21:B8:37"}}},"request":{"raw":"GET /35/1f/09/351f09f8163e80240a1747fd798e8282.js HTTP/1.1\r\nHost: sixdespise.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.19.5\r\nDate: Sun, 31 Aug 2025 04:09:03 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 38510\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nAccept-CH: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nHost: sixdespise.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: b841ca532a4aa3b5a916f5f502bcb5a2\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.19.5","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":105676,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"c0c9d36ea8f0abc7651f8e5a2f3fd799","sha1":"45a536ec3e2dc110851495955bea65f00ff3ac6d","sha256":"305cf1b0bdd018e912aecfdd86be27320a21b07a16f6188659e9219a33e58d7b","sha512":"47944ca295b0b64bdd2f8f41349cefd4f64265a757f6f5c55b0a782db348ade38607d0328193cb3e2c52758f3a14e87669a0af226df17acad3b64ad3dbbe241d","ssdeep":"1536:cmt7BMZUs9piv3i6In8noteGF1XF35WxYT6EhI:ckdv3i6C8notJZFpWk4","tlshash":"e2a3e9887f50f47d02da6036233f962ae1ee4e42154ee158d026fde53a68317e63ddb8","first_seen":"2025-08-31T04:09:32.436599Z","last_seen":"2025-08-31T04:09:32.436599Z","times_seen":1,"resource_available":true,"data":null}},"time_used":796,"timings":{"blocked":302,"dns":11,"connect":93,"send":0,"wait":95,"receive":94,"ssl":197},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-08-31","alert":"Sinkholed","trigger":"sixdespise.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"arxnxxxxxxhd.beauty/storage/thumb/29/teensloveanal-%D8%B5%D9%87%D8%A8%D8%A7%D8%A1-%D9%85%D9%81%D9%84%D8%B3-%D8%AA%D8%AD%D8%B5%D9%84-.jpg","fqdn":"arxnxxxxxxhd.beauty","domain":"arxnxxxxxxhd.beauty","tld":"beauty"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://arxnxxxxxxhd.beauty/","date":"2025-08-31T04:09:03.178Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"arxnxxxxxxhd.beauty","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 30 Aug 2025 15:42:47 GMT","end":"Fri, 28 Nov 2025 16:41:26 GMT"},"fingerprint":{"sha1":"6B:9D:6F:FA:D9:94:E6:8D:60:EE:F2:36:43:3D:E7:1C:21:44:74:24","sha256":"02:73:17:48:67:5E:6E:D2:7F:25:89:F2:8C:6F:3B:B7:4B:AC:7B:1A:29:D3:67:DC:00:89:4C:4D:D4:2E:64:ED"}}},"request":{"raw":"GET /storage/thumb/29/teensloveanal-%D8%B5%D9%87%D8%A8%D8%A7%D8%A1-%D9%85%D9%81%D9%84%D8%B3-%D8%AA%D8%AD%D8%B5%D9%84-.jpg HTTP/1.1\r\nHost: arxnxxxxxxhd.beauty\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://arxnxxxxxxhd.beauty/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Sun, 31 Aug 2025 04:09:03 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 14578\r\ncache-control: public, max-age=31536000\r\nexpires: Sun, 07 Sep 2025 04:09:03 GMT\r\nlast-modified: Wed, 04 Jun 2025 11:33:25 GMT\r\netag: \"38f2-68402f05-8f599d8fc49ca380;;;\"\r\naccept-ranges: bytes\r\nserver: cloudflare\r\nx-powered-by: PleskLin\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nx-turbo-charged-by: LiteSpeed\r\ncf-cache-status: MISS\r\npriority: u=4,i=?0\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=d6ivUr2s%2F%2Fgw9Z2P6t%2FrPzaPab0BHJ2imtGGzpIp95Z4ZEQcrRhceTGKZklmjkkLgh%2BKuqLlV3AvyA53ol1jdZbjByfqt3HiZTINQfSwi99D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9779ab92bce956b4-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Litespeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://wordpress.org/plugins/litespeed-cache/","common_platform_enumeration":"","icon":"litespeed-cache.png","categories":["Caching","WordPress plugins"]},{"name":"Plesk","description":"Plesk is a web hosting and server data centre automation software with a control panel developed for Linux and Windows-based retail hosting service providers.","website":"https://www.plesk.com","common_platform_enumeration":"cpe:2.3:a:parallels:parallels_plesk_panel:*:*:*:*:*:*:*:*","icon":"Plesk.svg","categories":["Hosting panels"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"LiteSpeed Cache","description":"LiteSpeed Cache is an all-in-one site acceleration plugin for WordPress.","website":"https://www.litespeedtech.com/products/cache-plugins/wordpress-acceleration","common_platform_enumeration":"","icon":"LiteSpeed.svg","categories":["Caching","WordPress plugins"]}],"data":{"size":14578,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 400x225, components 3","md5":"7a5ea89438854a718a04e895ed536793","sha1":"776d9e4933b2520e9dd660be640e0ac4c633f964","sha256":"98b99a3c94b1b4117cccf9484bda1527ce7c9799f55a7ca81a9f9e6e78b646d8","sha512":"0c1a8948ca260ce51bcc64512982ce02903e6970b9cbde622fe7ebec89dd2a15fd9070e9788cb134e7ea5ebf0bc6dc98273e1141d27f59a2850dd141b0d7fd8e","ssdeep":"384:/8aW+GYPi3qYh2az3OHQXCdylR5oYtfGI:/8rbYKaYh20+HQXCdi78I","tlshash":"5162d0cd6b001642a079147f87cc19f567a9f0a0906b5a01de2ddf6429935ff0bf68ec","first_seen":"2025-06-11T04:19:23.949571Z","last_seen":"2026-02-01T06:42:59.133129Z","times_seen":12,"resource_available":false,"data":null}},"time_used":92,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":69,"receive":23,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}