{"report_id":"6c8bade9-f5c8-47ca-bd5f-a3331b645c89","version":6,"status":"done","tags":[],"date":"2025-09-17T20:41:25Z","url":{"schema":"https","addr":"d-s.io/f/","fqdn":"d-s.io","domain":"d-s.io","tld":"io"},"ip":{"addr":"172.67.72.35","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"d-s.io/f/","fqdn":"d-s.io","domain":"d-s.io","tld":"io"},"title":"Video not found | DoodStream"},"submit":{"url":{"schema":"https","addr":"d-s.io/f/","fqdn":"d-s.io","domain":"d-s.io","tld":"io"},"ip":{"addr":"172.67.72.35","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null,"user":{"user_id":"akbkyowd9geqr98"}},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-22T20:41:25Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":10}},"detection":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-17","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-17","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-17","alert":"Sinkholed","trigger":"undefined","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-17","alert":"Sinkholed","trigger":"undefined","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-17","alert":"Sinkholed","trigger":"bunkersparring.shop","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-17","alert":"Sinkholed","trigger":"bunkersparring.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-17","alert":"Sinkholed","trigger":"faqirsgoliard.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-17","alert":"Sinkholed","trigger":"faqirsgoliard.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-17","alert":"Sinkholed","trigger":"nlargeconsult.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-17","alert":"Sinkholed","trigger":"d1f05vr3sjsuy7.cloudfront.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null},"summary":[{"fqdn":"d-s.io","ip":{"addr":"104.26.4.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":178790,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":3,"received_data":20799,"sent_data":1405,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"jQuery:3.4.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]}]},{"fqdn":"parashparyro.com","ip":{"addr":"172.67.147.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":4,"received_data":2028,"sent_data":2268,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"c.adsco.re","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":100769,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":2,"received_data":0,"sent_data":796,"comment":"","tags":null,"fingerprints":null},{"fqdn":"faqirsgoliard.top","ip":{"addr":"23.109.170.138","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"domain_registered":"unknown","domain_rank":151288,"first_seen":"No data","last_seen":"No data","alert_count":4,"request_count":2,"received_data":89662,"sent_data":831,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"i.doodcdn.io","ip":{"addr":"172.67.75.50","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":200454,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":5,"received_data":462107,"sent_data":2323,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"wrathypenitis.help","ip":{"addr":"94.242.236.142","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":4,"request_count":2,"received_data":1061,"sent_data":1045,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"nlargeconsult.org","ip":{"addr":"3.164.240.108","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":1,"request_count":1,"received_data":5064,"sent_data":736,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty:1.17.8.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon ALB","description":"Amazon Application Load Balancer (ALB) distributes incoming application traffic to increase availability and support content-based routing.","website":"https://aws.amazon.com/elasticloadbalancing/","common_platform_enumeration":"","icon":"Amazon ELB.svg","categories":["Load balancers"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"ukankingwithea.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":32650,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":3,"received_data":2389,"sent_data":1264,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":1222,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":89161,"sent_data":436,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"ereedmadehimal.org","ip":{"addr":"13.33.235.17","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":4090,"sent_data":983,"comment":"","tags":null,"fingerprints":[{"name":"OpenResty:1.17.8.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon ALB","description":"Amazon Application Load Balancer (ALB) distributes incoming application traffic to increase availability and support content-based routing.","website":"https://aws.amazon.com/elasticloadbalancing/","common_platform_enumeration":"","icon":"Amazon ELB.svg","categories":["Load balancers"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"d1f05vr3sjsuy7.cloudfront.net","ip":{"addr":"54.230.245.227","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":1,"request_count":1,"received_data":320839,"sent_data":422,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"www.blockadsnot.com","ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"domain_registered":"unknown","domain_rank":502145,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":42475,"sent_data":432,"comment":"","tags":null,"fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}]},{"fqdn":"undefined","ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":4,"request_count":2,"received_data":0,"sent_data":1942,"comment":"","tags":null,"fingerprints":null},{"fqdn":"blockadsnot.com","ip":{"addr":"208.95.112.254","port":443,"asn":53334,"as":"TUT-AS","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":54363,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":285,"sent_data":521,"comment":"","tags":null,"fingerprints":null},{"fqdn":"bunkersparring.shop","ip":{"addr":"212.117.186.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"domain_registered":"unknown","domain_rank":187180,"first_seen":"No data","last_seen":"No data","alert_count":4,"request_count":2,"received_data":2755,"sent_data":2735,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"accounts.google.com","ip":{"addr":"64.233.161.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"unknown","domain_rank":103,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":6,"received_data":13629,"sent_data":3655,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenGSE","description":"OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.","website":"https://code.google.com/p/opengse","common_platform_enumeration":"","icon":"Google.svg","categories":["Web servers"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}]},{"fqdn":"static.cloudflareinsights.com","ip":{"addr":"104.16.80.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"unknown","domain_rank":4073,"first_seen":"No data","last_seen":"No data","alert_count":0,"request_count":1,"received_data":20344,"sent_data":490,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"www.blockadsnot.com/baja.min.css","fqdn":"www.blockadsnot.com","domain":"blockadsnot.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"introduction_type":"scriptElement","is_inline":false,"md5":"caa43968930b7910e7ffc949567e1a08","sha1":"9aa54bfc8750ca9758fc990d8db6cab89f3824ba","sha256":"2ef6e7ca477adec78def215404c4d5d62aedf54a0e888a9373216a48d819b22f","sha512":"3734e98de49bbea5513c3c6421769237bd60c2bc31667751a09bc7d1778de552b2c932927ff848c79925611bd992b84b1e7396e84f08b7c748a94e686632969f","ssdeep":"768:bt9rqAYKKKZzFQ9JsQU+YDngZGihfzmMzhYrTsAysncCWcf5k5sigCOoCntlqorf:bbJZzFQ9JsTgZvfzmMzhYrTscpVZl","tlshash":"341329aab286282601e741ba503eb317b233051679129458fcb9cdf96e3ddc6117b7fc","size":41934,"data":"","first_seen":"2025-09-17T20:41:59.968191Z","last_seen":"2025-09-22T17:58:31.394791Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d1f05vr3sjsuy7.cloudfront.net/WSTRJa0gqWycNdz1dLVZxeQx5Xn5vRDsOLnRQZBhmIFtvATsmWjlWHQACHzMLAEEBWwJvQDMPdXkSJQomLglvDiYqCXhNKS1WdF9uPUQmAHU9XTARJTFFMx4ub0EoViUmTiAHJCgRey19ZwRsWXhhQyAFLCZDOk56eVo9Tnp5BXlFeGwHC056eUMgBX59EX-opbXsEMV18bAcLTnp5Rj9OewgFel9meR1sWXguUSoAJ2wGD1l4eAR5Wnh4EXtbLiBGLA0nMRF7LXl6AGdbbjwJeA","fqdn":"d1f05vr3sjsuy7.cloudfront.net","domain":"d1f05vr3sjsuy7.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"5bb876fde687362a2e1e64f9ab17f566","sha1":"118627d32e5ad9aaf3c6c8fcd135647b73122be6","sha256":"a37f0298b719d93bc9b270262aae26c0beb1d7d43cfb177a5ff7f0db6676576c","sha512":"f2a28068a17c720bdb359cf3f561d40754699edb2e831c401115edc0b66152eab9bb6454f86e53d3defa9502fa5749230722564c650aff08756477d254586e0e","ssdeep":"","tlshash":"8311636a5801a8d5ccf7100a9afcb4bc8aca51ef60b2133238574b93f70d505d5d062e","size":871,"data":"","first_seen":"2025-09-17T20:41:59.972736Z","last_seen":"2025-09-17T20:41:59.972736Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d-s.io/f/","fqdn":"d-s.io","domain":"d-s.io","tld":"io"},"ip":{"addr":"104.26.4.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"9fda1724412fd3c8db9942aa6e8e3deb","sha1":"539eed6112906a989e297d5d51c98af3dff08f2f","sha256":"3ddb9787e2d99f63e1c8169da967fa7b50e0baebb523aae738ff38899d2eaf7c","sha512":"1b6fe4694f5e61f4c298e0bf7d632c31df118d987b1643004ec2149ddf468e65c858fab779d5af8c0a9cb8941216cd977497c32351aef1cc3878796054f18158","ssdeep":"","tlshash":"c1e02e59a47301e042bba05ec30b232310a3f2833940d4d8ba8cef000f2ab228e9a1c8","size":294,"data":"","first_seen":"2024-01-26T23:16:31Z","last_seen":"2026-05-08T10:19:11.992486Z","times_seen":1838,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":[{"md5":"1393fc0bfb45fb95b7fd8d05d8d11bee","sha1":"059b3c71d0ad8cbada64a573fe7a468463c9323d","sha256":"7fb4f358778bd35ce9bd71ec6a034c3438389ee14ae2e62d26f25c0526313c58","sha512":"81e4af77cf343740ffe1830e032bef2d286e8654db6a280de06ea186a5cb2dc374efc5cc4619402e440a3b40c6a54018b1e55ed17fff195326009b0d056a5b92","ssdeep":"48:MX6clUAZWCRcGYqY9pC/Z/KJlStAR4b7eMrxpqYhUKOahgrXMSxJJseKzwSAVvfB:MX6cKAwR+9KJlSPTU7r8SLuHAVpT0I","tlshash":"e39196a39560320565278d44b7c8ab9d232e856362228feff7513114cf87b55278d27f","size":4359,"data":"","first_seen":"2025-09-17T20:41:59.97537Z","last_seen":"2025-09-17T20:41:59.97537Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"console":null},"http":[{"url":{"schema":"https","addr":"d-s.io/f/","fqdn":"d-s.io","domain":"d-s.io","tld":"io"},"ip":{"addr":"104.26.4.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-09-17T20:37:24.657Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"d-s.io","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 28 Jul 2025 17:31:26 GMT","end":"Sun, 26 Oct 2025 18:31:21 GMT"},"fingerprint":{"sha1":"A5:9E:DD:39:BC:D0:D3:1C:5E:0F:69:58:0D:36:54:CB:A5:E3:E6:F9","sha256":"74:2B:9E:A8:87:1C:98:DA:61:BF:3B:46:A9:98:6B:CA:C3:3E:03:0C:40:B8:5E:77:ED:50:9C:BA:76:DA:D8:B4"}}},"request":{"raw":"GET /f/ HTTP/1.1\r\nHost: d-s.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 17 Sep 2025 20:37:24 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nexpires: Tue, 16 Sep 2025 20:37:24 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2FFAAg0JloZgmMv4GH1K7ileOVTr6xAbYeB8MOaz7UCtaWIDmbV0hx7J2Qek%2BUHWsFC6%2FUzy5G%2F%2BEDrIq8%2F3nvMSgEvp1\"}]}\r\ncf-cache-status: DYNAMIC\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nserver-timing: cfCacheStatus;desc=\"DYNAMIC\", cfEdge;dur=2,cfOrigin;dur=66\r\ncontent-encoding: br\r\nset-cookie: lang=1; HttpOnly; Path=/; Domain=d-s.io\r\ncf-ray: 980b66bd39e7b28a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"jQuery:3.4.1","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"Cloudflare Browser Insights","description":"Cloudflare Browser Insights is a tool that measures the performance of websites from the perspective of users.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["Analytics","RUM"]}],"data":{"size":3177,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (958)","md5":"caca6faa6f05180a3e06af816553abee","sha1":"b735a4da8fa6c66293103b44a25db7dadc60b348","sha256":"54b7e99bfd3ecdea2486b512129b783da930a208c789fd71f9f8e0fe08d39c52","sha512":"471a9e9db95475c719d2d2552cfa23a0a62d9ce5f6ce5022a9acf4e71ab7cb330e366d0b499dcb7b5e826411b37882a3ad3d6c2454f2c96f1c2e98cfc158942c","ssdeep":"","tlshash":"7c61da0b3c60424f8153049870f2dd6d9dbeb21b4b0aa9e1b2df83a15f607cad4137d8","first_seen":"2025-07-31T19:13:53.351339Z","last_seen":"2025-09-17T20:41:59.935005Z","times_seen":8,"resource_available":false,"data":null}},"time_used":145,"timings":{"blocked":33,"dns":21,"connect":1,"send":0,"wait":73,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.doodcdn.io/img/no_video_3.svg","fqdn":"i.doodcdn.io","domain":"doodcdn.io","tld":"io"},"ip":{"addr":"172.67.75.50","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:24.931Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"doodcdn.io","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 30 Aug 2025 08:23:08 GMT","end":"Fri, 28 Nov 2025 09:22:48 GMT"},"fingerprint":{"sha1":"41:A0:19:94:CC:EF:97:7B:BF:7D:F2:CD:0C:F4:BC:70:B7:10:69:B3","sha256":"7A:BC:65:69:BD:92:44:70:8B:39:07:C2:CB:6A:FC:86:3D:6C:53:7F:45:1D:B9:98:D8:F3:22:77:EA:BA:2F:7E"}}},"request":{"raw":"GET /img/no_video_3.svg HTTP/1.1\r\nHost: i.doodcdn.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://d-s.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 17 Sep 2025 20:37:24 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 2812\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Mon, 03 Jan 2022 15:38:36 GMT\r\netag: \"61d3187c-afc\"\r\nexpires: Fri, 17 Oct 2025 04:10:50 GMT\r\ncache-control: public, max-age=2592000, no-transform\r\naccess-control-allow-origin: *\r\ncf-cache-status: HIT\r\nage: 39015\r\naccept-ranges: bytes\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=A0%2B027Q9XMoiKH4HTzzd3tkewEMFadQLp2lMb71Vrcqsz%2BI3HJdq6%2BWY3yG7xZjjQSlx2NmTjIfUcfDsYxQwqgil2FJ21TDInph9\"}]}\r\ncf-ray: 980b66bf293d2efa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":2812,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"077bfdaa49ae4877a42611b739ec4752","sha1":"a2f9e1222b7af9abc05122411ab8902efcc08ead","sha256":"70d6a17097a8c27edfaad6740e11359d9363f3f04bff1b93483e29c25609fa6c","sha512":"9eac1eaf362f200f037ae6c0c9d5c257bb57708de9955816c69d67689293430bdf39cdcd91522a993c48b823971cb984956e1ebe44516a323da03ebcd2cbefe3","ssdeep":"","tlshash":"c95164dcb81c45bd890aa7f85a687e61366f91cd40734c8d78bd0ee223d0eadb114a9c","first_seen":"2023-04-05T18:52:02Z","last_seen":"2026-05-08T13:47:36.889005Z","times_seen":2741,"resource_available":false,"data":null}},"time_used":80,"timings":{"blocked":72,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wrathypenitis.help/cuid/?f=https%3A%2F%2Fd-s.io","fqdn":"wrathypenitis.help","domain":"wrathypenitis.help","tld":"help"},"ip":{"addr":"94.242.236.142","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:25.861Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wrathypenitis.help","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Mon, 21 Jul 2025 00:00:00 GMT","end":"Sun, 19 Oct 2025 23:59:59 GMT"},"fingerprint":{"sha1":"57:1C:3C:D5:C1:F2:62:8A:E4:97:AB:47:08:1D:6D:20:A7:31:0F:F1","sha256":"D5:34:58:63:74:58:D1:71:8E:01:AA:80:04:67:17:F5:C4:2B:DD:52:20:24:6B:9C:67:2B:D8:E4:7B:18:74:22"}}},"request":{"raw":"POST /cuid/?f=https%3A%2F%2Fd-s.io HTTP/1.1\r\nHost: wrathypenitis.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://d-s.io/\r\nContent-Type: application/json\r\nContent-Length: 10\r\nOrigin: https://d-s.io\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 17 Sep 2025 20:37:25 GMT\r\ncontent-type: application/json\r\ncontent-length: 32\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://d-s.io\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nset-cookie: a97fa794a0f9=6734314f9724af4678f0c4; expires=Sat, 01 Feb 2053 13:39:16 GMT; domain=wrathypenitis.help; path=/; secure; SameSite=None\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":32,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"1f790ce3e48e3b98fc5fbe732ec64425","sha1":"3de0ac40f638bd4fd560a0e14c3eb5b88e03e216","sha256":"a533bb5d75ad1243661adda34ceadde7aaaa1c8ec7570f2613aecc8a5abc0c98","sha512":"82a63a9492b44db410a36da3ec5956dc67643c244d05f4c2091b2d63b42568ed6ac897f05e1ebe4ffaa374588d5637e4eb21d9d291911355eca2add26848a0fb","ssdeep":"","tlshash":"7380041c13d03457010c50544405c00307c013d550443100415007d11c141544051c15","first_seen":"2025-09-17T20:41:59.93915Z","last_seen":"2025-09-17T20:41:59.93915Z","times_seen":1,"resource_available":false,"data":null}},"time_used":260,"timings":{"blocked":-1,"dns":41,"connect":18,"send":0,"wait":18,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-17","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-17","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ukankingwithea.com/","fqdn":"ukankingwithea.com","domain":"ukankingwithea.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:25.955Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ukankingwithea.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 Aug 2025 14:13:33 GMT","end":"Sun, 23 Nov 2025 15:11:16 GMT"},"fingerprint":{"sha1":"1A:11:63:8A:09:D9:A9:1F:C1:06:34:29:E0:E0:95:E7:BA:BC:63:A3","sha256":"20:A6:48:1D:DB:42:37:88:BF:13:AD:64:91:6B:C4:6D:02:EA:D4:98:E1:E5:88:85:C0:D3:03:48:B4:F1:11:49"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: ukankingwithea.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://d-s.io/\r\nOrigin: https://d-s.io\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 17 Sep 2025 20:37:26 GMT\r\ncontent-type: text/plain\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: https://d-s.io\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET\r\naccess-control-allow-headers: X-Requested-With, content-type\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=xhNV5p1Y6JlD4AT8BoKpGwmhJhQgdDq3iy8Kj0hiXpIAgUyKUIF8en6zbO9C4neZxBQ5APSs8c1ofUBuVf8y84F4kmy5PFvLkJEE1FjkwbY%3D\"}]}\r\ncontent-encoding: br\r\nset-cookie: csu=315013182325188@1@1758141446; SameSite=None; Secure; Max-Age=31104000\r\ncf-ray: 980b66c59a7156aa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":26,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with no line terminators","md5":"72317f53a5b54dada1c6e348eb2276e3","sha1":"dfa73d5bd261ed3ef5d263c95546b6d908a6463d","sha256":"57fd6a9d9e3bbea95345929ab69660e566d8823b8e521ae3c2c5c4974249f112","sha512":"a6dffa663a527cfac84109190f203509b5704a9ba87d90cf094388bc4096dfcd6500b7e2a4ea0c5e74fbe81dff0dec6a5b33894a96887421e1a08a44fd85608e","ssdeep":"","tlshash":"be800088880820a3aaaa2c8220a80c02300802a22200c08a80800000282228a2038a0b","first_seen":"2025-09-17T20:41:59.942963Z","last_seen":"2025-09-17T20:41:59.942963Z","times_seen":1,"resource_available":false,"data":null}},"time_used":281,"timings":{"blocked":77,"dns":29,"connect":1,"send":0,"wait":122,"receive":0,"ssl":47},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"parashparyro.com/NkVZWGQZejorWVURPSIGBnQcGQ90Jz8zKXUXHyxBBAcKCSp3HQEvQkIsPWVdBnRrbVwQNTA8WQR8fysQVzEsK1kFYzA2All4OjQNVS5/LlkHa2l2UgZrbX4RC3Rta1YAdWhgUw93bGFSA3F/LBRXImRpQkYxLTRZB3JsYFUCdG1uUAd2bQ","fqdn":"parashparyro.com","domain":"parashparyro.com","tld":"com"},"ip":{"addr":"172.67.147.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"beacon","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:44.137Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"parashparyro.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 09 Aug 2025 09:26:17 GMT","end":"Fri, 07 Nov 2025 10:24:46 GMT"},"fingerprint":{"sha1":"32:C6:41:72:32:7B:A7:C6:2C:35:1E:3A:D5:70:8F:39:E4:A3:1D:09","sha256":"D2:C7:33:5D:A8:F9:66:BE:B5:67:9E:B3:44:BC:B2:8B:43:94:6A:85:E6:1E:44:C6:1A:C9:13:30:F1:EA:CA:7E"}}},"request":{"raw":"POST /NkVZWGQZejorWVURPSIGBnQcGQ90Jz8zKXUXHyxBBAcKCSp3HQEvQkIsPWVdBnRrbVwQNTA8WQR8fysQVzEsK1kFYzA2All4OjQNVS5/LlkHa2l2UgZrbX4RC3Rta1YAdWhgUw93bGFSA3F/LBRXImRpQkYxLTRZB3JsYFUCdG1uUAd2bQ HTTP/1.1\r\nHost: parashparyro.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d-s.io\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://d-s.io/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nContent-Length: 0\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 204 No Content\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nserver: cloudflare\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RTqGMzKQQIm8zYtzbMED6vhNwgKT0HylHSic9XrfeCI8SeY8NUKP%2BV%2BMQA%2BgKv4GsLrCg7bDt9s1o%2BnaMz%2FS2fZwZYauhpWlh1fPccxz\"}]}\r\ndate: Wed, 17 Sep 2025 20:37:44 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 980b6736ba2ab51d-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-08T15:53:20.525245Z","times_seen":14844059,"resource_available":true,"data":null}},"time_used":108,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":108,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.doodcdn.io/theme_2/css/bootstrap.min.css","fqdn":"i.doodcdn.io","domain":"doodcdn.io","tld":"io"},"ip":{"addr":"172.67.75.50","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:24.928Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"doodcdn.io","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 30 Aug 2025 08:23:08 GMT","end":"Fri, 28 Nov 2025 09:22:48 GMT"},"fingerprint":{"sha1":"41:A0:19:94:CC:EF:97:7B:BF:7D:F2:CD:0C:F4:BC:70:B7:10:69:B3","sha256":"7A:BC:65:69:BD:92:44:70:8B:39:07:C2:CB:6A:FC:86:3D:6C:53:7F:45:1D:B9:98:D8:F3:22:77:EA:BA:2F:7E"}}},"request":{"raw":"GET /theme_2/css/bootstrap.min.css HTTP/1.1\r\nHost: i.doodcdn.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://d-s.io/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 17 Sep 2025 20:37:24 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Mon, 03 Jan 2022 15:43:40 GMT\r\ncache-control: public, max-age=2592000\r\nexpires: Wed, 16 Sep 2026 04:51:30 GMT\r\nvary: Accept-Encoding,User-Agent\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=yGy4FQsFc41Ddjy%2FSJvt2iLhyMX5XXPSZm9kzr3S2wCcVomHUPPvZL%2Bu6A95ieJ6Z4c%2FHZBCEbI1SPq5ZYfPD0VGdesFelN6ONdD\"}]}\r\naccess-control-allow-origin: *\r\ncf-cache-status: HIT\r\nage: 60024\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncontent-encoding: br\r\ncf-ray: 980b66bf29432efa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":159515,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65324)","md5":"7cc40c199d128af6b01e74a28c5900b0","sha1":"d305110fb79113a961394b433d851a3410342b8c","sha256":"2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6","sha512":"ce79937f81cda05f54ea67c1e8a96101285b46f6ede02bc2687a0d574832b2c7d3a0d43ff40d1e35d51bbec4b038852825d323146da7752bebd0ba37669b13a9","ssdeep":"1536:a7OIJNT48SyEIA1pDEBi8INcuSEFO//uKFq3SYiLENM6HN26F:a7Za4GMq3SYiLENM6HN26F","tlshash":"9ef352a6f5a0312de467c61964d0bafe152f8245d7224bfaf827376487892c70a73e4c","first_seen":"2023-04-05T08:47:50Z","last_seen":"2026-05-08T14:45:36.654807Z","times_seen":18301,"resource_available":false,"data":null}},"time_used":170,"timings":{"blocked":79,"dns":35,"connect":1,"send":0,"wait":7,"receive":0,"ssl":40},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.doodcdn.io/theme_2/css/style.css","fqdn":"i.doodcdn.io","domain":"doodcdn.io","tld":"io"},"ip":{"addr":"172.67.75.50","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:24.929Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"doodcdn.io","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 30 Aug 2025 08:23:08 GMT","end":"Fri, 28 Nov 2025 09:22:48 GMT"},"fingerprint":{"sha1":"41:A0:19:94:CC:EF:97:7B:BF:7D:F2:CD:0C:F4:BC:70:B7:10:69:B3","sha256":"7A:BC:65:69:BD:92:44:70:8B:39:07:C2:CB:6A:FC:86:3D:6C:53:7F:45:1D:B9:98:D8:F3:22:77:EA:BA:2F:7E"}}},"request":{"raw":"GET /theme_2/css/style.css HTTP/1.1\r\nHost: i.doodcdn.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://d-s.io/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 17 Sep 2025 20:37:24 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Mon, 03 Jan 2022 15:43:40 GMT\r\ncache-control: public, max-age=2592000\r\nexpires: Wed, 16 Sep 2026 02:38:54 GMT\r\nvary: Accept-Encoding,User-Agent\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=e7mUVv0tC79lQ3knPvBIc34vFv7K4U514A2fyMjVBxB3axnVq1XFlp0JE7lCqdB4Qe%2BHxUtGPnfPIQW480CKgXTdoQp%2BszdtVSyJ\"}]}\r\naccess-control-allow-origin: *\r\ncf-cache-status: HIT\r\nage: 66595\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncontent-encoding: br\r\ncf-ray: 980b66bf293a2efa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":249272,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"59b293159a38ec92d8bd5fa4d09f8d59","sha1":"7167b460de2cb4d2534163de707b0aa0e84b73cf","sha256":"3f81f845eb11d647c4bd80b76d7af054203e52eab24bc359ddd5cb4f33efddd4","sha512":"b55df274069cf65273a15569e70ab1f0c9b7e2b65af78b3d14e56327fd612fa18500aac354fea72850cc590a39ee469c9696d48bbcf3d28347629ced62cd01c1","ssdeep":"3072:XBxWU/BP36/qMEGtbIxV/390PtglzmUDgTFe14DmC1zLK5oA2VM:n/J36LUDYFFmC1zLK5oA2VM","tlshash":"1234a4fc91fe08544396f4c51202a670bb7de22c9c0b6e5d92e6b9ddb9e1b48c1863cd","first_seen":"2024-12-01T06:06:05.009819Z","last_seen":"2026-05-08T13:47:37.234084Z","times_seen":721,"resource_available":false,"data":null}},"time_used":161,"timings":{"blocked":74,"dns":34,"connect":1,"send":0,"wait":8,"receive":0,"ssl":36},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"undefined/Y1N4ejgCMRsXBwJuGlxNET9FXwoldko8XFI1SE9OEWALEEsWKk9UWw88DR5eETwWDhYNNgxfCiUrLT1qMzI9M0IgKj01XjACNjEJNWQhPG5aCyAKCiUXSDRyJGM5I1AXIDcrTBMSEj8dURU7EAE1FSoZbQURAEhzDzAgLWstPDsoVAUWMCNpLQIAXwolCj0zUiAAD0lvNDg2NnwtCR4RDAkdOSBBOxQpEX4gEjwcQTIdNhJxFRg6LwkrACpIfTBmLjZCWzYyHWkWHi08AS89HF8KIQU/ClkAPR8ucgQKFSpALmssInoEEBIOdgAUOixeUwkBHm4AHSwiegQWAVdhJDc/KHoFEAgUYQ8CSyJWOWIuDQktMD87bywGSQJ9NQVAIn8bNCwtSAIwEhl6LxI1Dlw1CjItVik7LjIBOTAVPHoFBR8RdzEKCT5RUzwpIggWMEo0aToFEBFyNT9dSHpFOQsVVhNuLz1IUCdMAAs7YhlCVTVkKg","fqdn":"undefined","domain":"undefined","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:25.438Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /Y1N4ejgCMRsXBwJuGlxNET9FXwoldko8XFI1SE9OEWALEEsWKk9UWw88DR5eETwWDhYNNgxfCiUrLT1qMzI9M0IgKj01XjACNjEJNWQhPG5aCyAKCiUXSDRyJGM5I1AXIDcrTBMSEj8dURU7EAE1FSoZbQURAEhzDzAgLWstPDsoVAUWMCNpLQIAXwolCj0zUiAAD0lvNDg2NnwtCR4RDAkdOSBBOxQpEX4gEjwcQTIdNhJxFRg6LwkrACpIfTBmLjZCWzYyHWkWHi08AS89HF8KIQU/ClkAPR8ucgQKFSpALmssInoEEBIOdgAUOixeUwkBHm4AHSwiegQWAVdhJDc/KHoFEAgUYQ8CSyJWOWIuDQktMD87bywGSQJ9NQVAIn8bNCwtSAIwEhl6LxI1Dlw1CjItVik7LjIBOTAVPHoFBR8RdzEKCT5RUzwpIggWMEo0aToFEBFyNT9dSHpFOQsVVhNuLz1IUCdMAAs7YhlCVTVkKg HTTP/1.1\r\nHost: undefined\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://d-s.io/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-08T15:53:20.525245Z","times_seen":14844059,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-17","alert":"Sinkholed","trigger":"undefined","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-17","alert":"Sinkholed","trigger":"undefined","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"c.adsco.re/","fqdn":"c.adsco.re","domain":"adsco.re","tld":"re"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:25.806Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: c.adsco.re\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://d-s.io/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-08T15:53:20.525245Z","times_seen":14844059,"resource_available":true,"data":null}},"time_used":44,"timings":{"blocked":0,"dns":31,"connect":1,"send":0,"wait":0,"receive":0,"ssl":10},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"c.adsco.re/","fqdn":"c.adsco.re","domain":"adsco.re","tld":"re"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"other","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:25.807Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET / HTTP/1.1\r\nHost: c.adsco.re\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nX-Moz: prefetch\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://d-s.io/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-08T15:53:20.525245Z","times_seen":14844059,"resource_available":true,"data":null}},"time_used":44,"timings":{"blocked":44,"dns":0,"connect":1,"send":0,"wait":0,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"blockadsnot.com/eijkvowgnub?rhxIHTna=3\u0026VwDPoAgR=4\u0026cXViJhjs=4091021\u0026eQovCVbE=\u0026aMQoYONZ=0,0\u0026sjOpZWVG=\u0026mSyfTEes=\u0026hYpDHzti=1280,1024,1,1280,1024,0","fqdn":"blockadsnot.com","domain":"blockadsnot.com","tld":"com"},"ip":{"addr":"208.95.112.254","port":443,"asn":53334,"as":"TUT-AS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:30.765Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"blockadsnot.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 04 Apr 2025 00:00:00 GMT","end":"Tue, 05 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"1E:C1:DD:D3:65:DB:48:42:4B:E9:38:9C:2B:C9:89:AD:03:15:09:01","sha256":"52:9E:8C:A6:FC:C6:91:C5:D7:DC:4D:0A:2B:16:72:72:8F:31:B7:EA:EE:CB:E2:7C:7C:A7:F2:F2:16:11:0E:8C"}}},"request":{"raw":"GET /eijkvowgnub?rhxIHTna=3\u0026VwDPoAgR=4\u0026cXViJhjs=4091021\u0026eQovCVbE=\u0026aMQoYONZ=0,0\u0026sjOpZWVG=\u0026mSyfTEes=\u0026hYpDHzti=1280,1024,1,1280,1024,0 HTTP/1.1\r\nHost: blockadsnot.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://d-s.io/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\npopads-node: wb3\r\naccess-control-allow-origin: *\r\ncontent-type: application/javascript\r\nasf: -3\r\npopads-ec: ASE\r\ncache-control: public, max-age=604800\r\nexpires: Wed, 24 Sep 2025 20:37:31 GMT\r\ncontent-length: 0\r\ndate: Wed, 17 Sep 2025 20:37:31 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-08T15:53:20.525245Z","times_seen":14844059,"resource_available":true,"data":null}},"time_used":806,"timings":{"blocked":307,"dns":0,"connect":92,"send":0,"wait":192,"receive":0,"ssl":210},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/jquery/3.4.1/jquery.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:24.926Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Wed, 17 Sep 2025 19:09:23 GMT","end":"Tue, 16 Dec 2025 20:08:48 GMT"},"fingerprint":{"sha1":"E5:FA:6E:21:DA:AB:92:8F:E0:CB:31:C2:87:D4:E2:CE:9F:23:BF:C1","sha256":"E8:C7:D4:A8:29:E6:45:C0:C5:E3:AD:6A:90:36:30:4A:D7:2E:7C:F7:8F:57:44:E8:3B:2D:AF:F6:80:F7:4B:46"}}},"request":{"raw":"GET /ajax/libs/jquery/3.4.1/jquery.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://d-s.io/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 17 Sep 2025 20:37:24 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 27748\r\ncf-ray: 980b66beccd2120a-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5eb03ec4-15851\"\r\nlast-modified: Mon, 04 May 2020 16:11:48 GMT\r\ncf-cdnjs-via: cfworker/kv\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 736836\r\nexpires: Mon, 07 Sep 2026 20:37:24 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=TNxDrq7WUIKE0HMYDauyGkKbKUAlZzA9PxTNllU9oes6PUnkJrYcqGwC0ma2OYPHBipQbhQT78xTOBqNzvhFOwQeIHNoZCqmFNZq4nvWTYJl014%2FGMjFfM%2BYgKFelw1VraJpi5SK\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":88145,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65451)","md5":"220afd743d9e9643852e31a135a9f3ae","sha1":"88523924351bac0b5d560fe0c5781e2556e7693d","sha256":"0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a","sha512":"6e722fce1e8553be592b1a741972c7f5b7b0cdafce230e9d2d587d20283482881c96660682e4095a5f14df45a96ec193a9b222030c53b1b7bbe8312b2eae440d","ssdeep":"1536:yTExXUZinxD7oPEZxkMV4SYKFMbRHZ6H5HOHCWrcElzuu7BRCKKBEqBsojZlOPma:ygZm0H5HO5+gCKWZyPmHQ47GKe","tlshash":"338319dd72c6706257b761ba00bf540bf236599e6c4d4410f124e8eabc78a4a823bf7d","first_seen":"2023-03-07T01:02:34Z","last_seen":"2026-05-08T15:52:27.389446Z","times_seen":127311,"resource_available":true,"data":null}},"time_used":49,"timings":{"blocked":14,"dns":1,"connect":4,"send":0,"wait":12,"receive":1,"ssl":14},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"parashparyro.com/dXBkQ2daTwcwWhYlNnAFHyYlJTIzJyUWD0UhCCQmJx4ADDASPUI3DhFNXXNWR0VcZRccFFlxXlMDECITAANZckEcHgIsWlMGWXJJRV5Sc0lBVhF+VlMEFCIASEFCMxMBHFlyUEBIVXdWQURRd1ZG","fqdn":"parashparyro.com","domain":"parashparyro.com","tld":"com"},"ip":{"addr":"172.67.147.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:25.428Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"parashparyro.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 09 Aug 2025 09:26:17 GMT","end":"Fri, 07 Nov 2025 10:24:46 GMT"},"fingerprint":{"sha1":"32:C6:41:72:32:7B:A7:C6:2C:35:1E:3A:D5:70:8F:39:E4:A3:1D:09","sha256":"D2:C7:33:5D:A8:F9:66:BE:B5:67:9E:B3:44:BC:B2:8B:43:94:6A:85:E6:1E:44:C6:1A:C9:13:30:F1:EA:CA:7E"}}},"request":{"raw":"GET /dXBkQ2daTwcwWhYlNnAFHyYlJTIzJyUWD0UhCCQmJx4ADDASPUI3DhFNXXNWR0VcZRccFFlxXlMDECITAANZckEcHgIsWlMGWXJJRV5Sc0lBVhF+VlMEFCIASEFCMxMBHFlyUEBIVXdWQURRd1ZG HTTP/1.1\r\nHost: parashparyro.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://d-s.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Wed, 17 Sep 2025 20:37:25 GMT\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=P%2FhbZd6o3ocAO0F0x6Z014urPSWVPjvboIHPCwCz6C30S61nL6JE2JRfOdiYqUUGlT1vL0dSj9iJ9P0bPTNDNwEFiSdHvlb6MlSo4JLS\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 980b66c26d0e568a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-08T15:53:20.525245Z","times_seen":14844059,"resource_available":true,"data":null}},"time_used":307,"timings":{"blocked":94,"dns":0,"connect":1,"send":0,"wait":115,"receive":16,"ssl":78},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"bunkersparring.shop/gd/70849?md=eyJhIjo3MjU4LCJzIjoiMTI4MHgxMDI0IiwiYiI6IjEyODB4MTAyNCIsInIiOiIiLCJxIjoiaHR0cHM6Ly9kLXMuaW8vZi8iLCJoIjo0NDYwLCJsIjoiZW4tVVMiLCJ0IjowLCJ6Ijo5NjA1LCJrIjowLCJ1IjoiIiwiZiI6ZmFsc2UsIndoIjoibm90IGluIGlmcmFtZSIsImloIjoiMTI4MHgxMDI0IiwiZSI6ImEyb2l4c2RtMWI0cGpjdSIsIm8iOnRydWUsIm0iOjE3NTgxNDE0NDU2MTAsInciOiIlN0IlMjJ0aXRsZSUyMiUzQSUyMlZpZGVvJTIwbm90JTIwZm91bmQlMjAlN0MlMjBEb29kU3RyZWFtJTIyJTJDJTIya2V5d29yZHMlMjIlM0ElNUIlNUQlMkMlMjJ0b3B3b3JkcyUyMiUzQSU1QiUyMnRlc3QlM0EzJTIyJTJDJTIybm90JTNBMiUyMiUyQyUyMmZvdW5kJTNBMiUyMiU1RCU3RCIsInRzIjowLCJwciI6MSwiaGMiOjQ4LCJibCI6LTEsImJjIjozLCJ2diI6Ik1lc2EiLCJ2ciI6Imxsdm1waXBlIiwiYWMiOjAsImN0IjoidW5rbm93biIsImNldCI6InVua25vd24iLCJjZGxtIjotMSwiY2RsIjotMSwiY3J0dCI6LTEsInRtcyI6MTIwLCJjZSI6dHJ1ZSwiY2QiOjI0LCJvciI6ImxhbmRzY2FwZS1wcmltYXJ5IiwiZnMiOm51bGwsImZzbyI6bnVsbCwiaW0iOnRydWV9\u0026fc=h7q5T8idLKWMMrmW6iTG0g\u0026pr=1YB8DBYXc1mTRxnxJxgO3A","fqdn":"bunkersparring.shop","domain":"bunkersparring.shop","tld":"shop"},"ip":{"addr":"212.117.186.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:25.804Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bunkersparring.shop","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 00:36:37 GMT","end":"Sat, 18 Oct 2025 00:36:36 GMT"},"fingerprint":{"sha1":"A0:A8:A1:59:BB:4D:3B:D9:F2:A5:2C:9B:49:CC:C8:58:CD:A2:B6:95","sha256":"2C:77:30:EB:06:22:B8:8E:43:8B:D9:36:7E:45:B4:2A:A6:8C:CA:03:1C:25:42:8B:99:E9:B0:9E:63:56:68:E0"}}},"request":{"raw":"OPTIONS /gd/70849?md=eyJhIjo3MjU4LCJzIjoiMTI4MHgxMDI0IiwiYiI6IjEyODB4MTAyNCIsInIiOiIiLCJxIjoiaHR0cHM6Ly9kLXMuaW8vZi8iLCJoIjo0NDYwLCJsIjoiZW4tVVMiLCJ0IjowLCJ6Ijo5NjA1LCJrIjowLCJ1IjoiIiwiZiI6ZmFsc2UsIndoIjoibm90IGluIGlmcmFtZSIsImloIjoiMTI4MHgxMDI0IiwiZSI6ImEyb2l4c2RtMWI0cGpjdSIsIm8iOnRydWUsIm0iOjE3NTgxNDE0NDU2MTAsInciOiIlN0IlMjJ0aXRsZSUyMiUzQSUyMlZpZGVvJTIwbm90JTIwZm91bmQlMjAlN0MlMjBEb29kU3RyZWFtJTIyJTJDJTIya2V5d29yZHMlMjIlM0ElNUIlNUQlMkMlMjJ0b3B3b3JkcyUyMiUzQSU1QiUyMnRlc3QlM0EzJTIyJTJDJTIybm90JTNBMiUyMiUyQyUyMmZvdW5kJTNBMiUyMiU1RCU3RCIsInRzIjowLCJwciI6MSwiaGMiOjQ4LCJibCI6LTEsImJjIjozLCJ2diI6Ik1lc2EiLCJ2ciI6Imxsdm1waXBlIiwiYWMiOjAsImN0IjoidW5rbm93biIsImNldCI6InVua25vd24iLCJjZGxtIjotMSwiY2RsIjotMSwiY3J0dCI6LTEsInRtcyI6MTIwLCJjZSI6dHJ1ZSwiY2QiOjI0LCJvciI6ImxhbmRzY2FwZS1wcmltYXJ5IiwiZnMiOm51bGwsImZzbyI6bnVsbCwiaW0iOnRydWV9\u0026fc=h7q5T8idLKWMMrmW6iTG0g\u0026pr=1YB8DBYXc1mTRxnxJxgO3A HTTP/1.1\r\nHost: bunkersparring.shop\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://d-s.io/\r\nOrigin: https://d-s.io\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 17 Sep 2025 20:37:25 GMT\r\ncontent-type: text/html; charset=UTF-8\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://d-s.io\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"0d7a61a5ae2424f444691dfa38e694ae","sha1":"dfb2f770cb7740844d94d2a2517af244b34c56ae","sha256":"e3c083d0e62029a9fc90700e7effced43eb213718ad4e7517e5b05a5a0ad9e49","sha512":"dc4531ceee0347383f28990bd01470ce323b0338a83b5b51e2640e3a9d1509346e23fe490ebfaeb4d7a86fd8ef22d2d6465990e6cb6583468d47174b97d25d03","ssdeep":"","tlshash":"8a30000000000000000000c0000000000000000000000000000300000c0c000c000000","first_seen":"2025-06-10T16:02:54.181066Z","last_seen":"2026-05-08T13:47:36.867264Z","times_seen":1591,"resource_available":false,"data":null}},"time_used":145,"timings":{"blocked":60,"dns":4,"connect":28,"send":0,"wait":20,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-17","alert":"Sinkholed","trigger":"bunkersparring.shop","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-17","alert":"Sinkholed","trigger":"bunkersparring.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"bunkersparring.shop/gd/70849?md=eyJhIjo3MjU4LCJzIjoiMTI4MHgxMDI0IiwiYiI6IjEyODB4MTAyNCIsInIiOiIiLCJxIjoiaHR0cHM6Ly9kLXMuaW8vZi8iLCJoIjo0NDYwLCJsIjoiZW4tVVMiLCJ0IjowLCJ6Ijo5NjA1LCJrIjowLCJ1IjoiIiwiZiI6ZmFsc2UsIndoIjoibm90IGluIGlmcmFtZSIsImloIjoiMTI4MHgxMDI0IiwiZSI6ImEyb2l4c2RtMWI0cGpjdSIsIm8iOnRydWUsIm0iOjE3NTgxNDE0NDU2MTAsInciOiIlN0IlMjJ0aXRsZSUyMiUzQSUyMlZpZGVvJTIwbm90JTIwZm91bmQlMjAlN0MlMjBEb29kU3RyZWFtJTIyJTJDJTIya2V5d29yZHMlMjIlM0ElNUIlNUQlMkMlMjJ0b3B3b3JkcyUyMiUzQSU1QiUyMnRlc3QlM0EzJTIyJTJDJTIybm90JTNBMiUyMiUyQyUyMmZvdW5kJTNBMiUyMiU1RCU3RCIsInRzIjowLCJwciI6MSwiaGMiOjQ4LCJibCI6LTEsImJjIjozLCJ2diI6Ik1lc2EiLCJ2ciI6Imxsdm1waXBlIiwiYWMiOjAsImN0IjoidW5rbm93biIsImNldCI6InVua25vd24iLCJjZGxtIjotMSwiY2RsIjotMSwiY3J0dCI6LTEsInRtcyI6MTIwLCJjZSI6dHJ1ZSwiY2QiOjI0LCJvciI6ImxhbmRzY2FwZS1wcmltYXJ5IiwiZnMiOm51bGwsImZzbyI6bnVsbCwiaW0iOnRydWV9\u0026fc=h7q5T8idLKWMMrmW6iTG0g\u0026pr=1YB8DBYXc1mTRxnxJxgO3A","fqdn":"bunkersparring.shop","domain":"bunkersparring.shop","tld":"shop"},"ip":{"addr":"212.117.186.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:25.899Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"bunkersparring.shop","organization":""},"issuer":{"commonName":"R10","organization":"Let's Encrypt"},"validity":{"start":"Sun, 20 Jul 2025 00:36:37 GMT","end":"Sat, 18 Oct 2025 00:36:36 GMT"},"fingerprint":{"sha1":"A0:A8:A1:59:BB:4D:3B:D9:F2:A5:2C:9B:49:CC:C8:58:CD:A2:B6:95","sha256":"2C:77:30:EB:06:22:B8:8E:43:8B:D9:36:7E:45:B4:2A:A6:8C:CA:03:1C:25:42:8B:99:E9:B0:9E:63:56:68:E0"}}},"request":{"raw":"POST /gd/70849?md=eyJhIjo3MjU4LCJzIjoiMTI4MHgxMDI0IiwiYiI6IjEyODB4MTAyNCIsInIiOiIiLCJxIjoiaHR0cHM6Ly9kLXMuaW8vZi8iLCJoIjo0NDYwLCJsIjoiZW4tVVMiLCJ0IjowLCJ6Ijo5NjA1LCJrIjowLCJ1IjoiIiwiZiI6ZmFsc2UsIndoIjoibm90IGluIGlmcmFtZSIsImloIjoiMTI4MHgxMDI0IiwiZSI6ImEyb2l4c2RtMWI0cGpjdSIsIm8iOnRydWUsIm0iOjE3NTgxNDE0NDU2MTAsInciOiIlN0IlMjJ0aXRsZSUyMiUzQSUyMlZpZGVvJTIwbm90JTIwZm91bmQlMjAlN0MlMjBEb29kU3RyZWFtJTIyJTJDJTIya2V5d29yZHMlMjIlM0ElNUIlNUQlMkMlMjJ0b3B3b3JkcyUyMiUzQSU1QiUyMnRlc3QlM0EzJTIyJTJDJTIybm90JTNBMiUyMiUyQyUyMmZvdW5kJTNBMiUyMiU1RCU3RCIsInRzIjowLCJwciI6MSwiaGMiOjQ4LCJibCI6LTEsImJjIjozLCJ2diI6Ik1lc2EiLCJ2ciI6Imxsdm1waXBlIiwiYWMiOjAsImN0IjoidW5rbm93biIsImNldCI6InVua25vd24iLCJjZGxtIjotMSwiY2RsIjotMSwiY3J0dCI6LTEsInRtcyI6MTIwLCJjZSI6dHJ1ZSwiY2QiOjI0LCJvciI6ImxhbmRzY2FwZS1wcmltYXJ5IiwiZnMiOm51bGwsImZzbyI6bnVsbCwiaW0iOnRydWV9\u0026fc=h7q5T8idLKWMMrmW6iTG0g\u0026pr=1YB8DBYXc1mTRxnxJxgO3A HTTP/1.1\r\nHost: bunkersparring.shop\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/json\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://d-s.io/\r\nContent-Type: application/json\r\nContent-Length: 82\r\nOrigin: https://d-s.io\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 17 Sep 2025 20:37:25 GMT\r\ncontent-type: application/json\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://d-s.io\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nset-cookie: GL_UI4=eJw9zV1OhDAcBHC%2BWdcFnYQDeASKQHj1xSv4SAr9g3Wh3ZQKensbE32bTH6T8TwvKB7g78kZ4Sdv8MRY13Z1U3VlPXa8GoaubZtyaLqSVc00NbiTW2%2F5sJCNcNpWbmxv9wiXmRQZOfajFpTh0am%2F5qr0oSLEg%2BFKZIhXJ5YM6WD0sZEpQkSKr4T0VRqa9JcT%2FEMbhOy5dlkql%2F0Sgd6KMD8jfZNKuGV%2BQcDKPE883N8Wbidt1l6KxEc8Gy4I%2FgtOI7c0a%2FONVNB2tfoG6EX0%2F%2F73ODxYiUTQLkdCrO07mR%2B4dk3m; expires=Thu, 18-Sep-2025 20:37:25 GMT; Max-Age=86400; path=/; secure; SameSite=None\nGL_GI10=eJwVyM0KgkAUhuE5hxiIJPjA9l6BadnCbbYMXXgFZhEDwxyZGfu5%2B2zxLp5XKcVpAjYTkrrM6yKvDnl5qkBPcNuBRwfdin8PX5AHF0ewd9h0wUrWyOzi8kes%2FgYZbM%2FWfLJe7ByNuABeWjfDzT72l%2F4KmjSBo2gGh3uqQC%2B9%2BwFe7x3U; expires=Thu, 18-Sep-2025 20:37:25 GMT; Max-Age=86400; path=/; secure; SameSite=None\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":744,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"6b50824b3766bb0bdb70b7cd0163166a","sha1":"55573dc7685394a7f4ed5d0e3dd1c6da58b45742","sha256":"0adc985e652d30fdf18c30d5f5b248744ba594ba0d9c94ceb998e68e8f49c353","sha512":"8ca6f90c74308f4c0cdb5ab7652c170d9676644982efa01f1825af530b5d5cb4aa94140a0558a671da1e1eb25911b81f2a50a4559064dca7fb1bdba106b66bf2","ssdeep":"","tlshash":"7301bad0501845249eea87c4b2cd5571bdb65a912a00ae1d771d700543735188f0cc7d","first_seen":"2025-09-17T20:41:59.951686Z","last_seen":"2025-09-17T20:41:59.951686Z","times_seen":1,"resource_available":false,"data":null}},"time_used":135,"timings":{"blocked":-1,"dns":13,"connect":28,"send":0,"wait":39,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-17","alert":"Sinkholed","trigger":"bunkersparring.shop","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-17","alert":"Sinkholed","trigger":"bunkersparring.shop","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ukankingwithea.com/asd100.bin","fqdn":"ukankingwithea.com","domain":"ukankingwithea.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:25.953Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ukankingwithea.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 Aug 2025 14:13:33 GMT","end":"Sun, 23 Nov 2025 15:11:16 GMT"},"fingerprint":{"sha1":"1A:11:63:8A:09:D9:A9:1F:C1:06:34:29:E0:E0:95:E7:BA:BC:63:A3","sha256":"20:A6:48:1D:DB:42:37:88:BF:13:AD:64:91:6B:C4:6D:02:EA:D4:98:E1:E5:88:85:C0:D3:03:48:B4:F1:11:49"}}},"request":{"raw":"GET /asd100.bin HTTP/1.1\r\nHost: ukankingwithea.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://d-s.io/\r\nOrigin: https://d-s.io\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ndate: Wed, 17 Sep 2025 20:37:26 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nage: 121\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7v7DgYF2VH8eDJi9srQbJw1nB4OjO5OdlwxbKuRUwIDKNV44n2mlwliWNnEXo4PaHRN8QuYdlXxBWiTdiPuQGJvKJ5gbmXpKej5GsuKxhMY%3D\"}]}\r\ncontent-encoding: br\r\ncf-ray: 980b66c59a7656aa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":159,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"fb9666f93e418b95fea8fdbc20e80af9","sha1":"d4eefca1b299cc266a80e83c9e39c4261cb87583","sha256":"c6252ea6e785c1dc0d44dab86653a7209eb507e45b70d138ce515576743b64f7","sha512":"0755f4cc922e42f766ba52405c9a8df0038cb9fbab8cd3d94eccfb8262ffcf89c21ad29bbd52ea6e52a27c8756372a8cb5d49fcf768f61b41e7a5b3fb56779dd","ssdeep":"","tlshash":"64c02bbd2513bc0c86a3307636c3b090c1978337f57e81110540805730cf2a98ac33ab","first_seen":"2023-04-13T06:05:51Z","last_seen":"2026-05-08T15:20:03.739994Z","times_seen":2927,"resource_available":false,"data":null}},"time_used":184,"timings":{"blocked":83,"dns":34,"connect":2,"send":0,"wait":9,"receive":0,"ssl":45},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico\u0026hl=en\u0026ifkv=AfYwgwUor825dBCUq8legbf_uBsgqSMjkrb7UrcTK2vjOWR8fkE1U0g3iv1o4F9_aSqzQj4luotN\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin\u0026dsh=S-703681525%3A1758141446117558","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"64.233.161.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:26.163Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:38:01 GMT","end":"Mon, 01 Dec 2025 08:38:00 GMT"},"fingerprint":{"sha1":"50:D2:49:3C:F8:95:11:7F:74:11:C6:30:B6:82:0C:F4:34:21:2E:47","sha256":"EA:D4:6B:60:2A:3C:4B:39:32:39:92:5B:56:98:4B:5B:00:E5:93:5E:BA:66:43:BD:89:DE:10:FF:76:70:E1:53"}}},"request":{"raw":"GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico\u0026hl=en\u0026ifkv=AfYwgwUor825dBCUq8legbf_uBsgqSMjkrb7UrcTK2vjOWR8fkE1U0g3iv1o4F9_aSqzQj4luotN\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin\u0026dsh=S-703681525%3A1758141446117558 HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://d-s.io/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Wed, 17 Sep 2025 20:37:26 GMT\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce--LhcxIo2QEWZ4wKFUUcA3w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com/tools/feedback/ https://www.gstatic.com/feedback/js/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://support.google.com/inapp/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist\r\naccept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\nreport-to: {\"group\":\"AccountsSignInUi\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi\"}]}\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"AccountsSignInUi\"\r\npermissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*\r\ncontent-security-policy-report-only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js https://translate.google.com/translate_a/element.js https://www.google.com/recaptcha/api.js https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.3HBIfyy7sbs.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-08T15:53:20.525245Z","times_seen":14844059,"resource_available":true,"data":null}},"time_used":59,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":59,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d-s.io/cdn-cgi/rum?","fqdn":"d-s.io","domain":"d-s.io","tld":"io"},"ip":{"addr":"104.26.4.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:26.331Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"d-s.io","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 28 Jul 2025 17:31:26 GMT","end":"Sun, 26 Oct 2025 18:31:21 GMT"},"fingerprint":{"sha1":"A5:9E:DD:39:BC:D0:D3:1C:5E:0F:69:58:0D:36:54:CB:A5:E3:E6:F9","sha256":"74:2B:9E:A8:87:1C:98:DA:61:BF:3B:46:A9:98:6B:CA:C3:3E:03:0C:40:B8:5E:77:ED:50:9C:BA:76:DA:D8:B4"}}},"request":{"raw":"POST /cdn-cgi/rum? HTTP/1.1\r\nHost: d-s.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\ncontent-type: application/json\r\nContent-Length: 997\r\nOrigin: https://d-s.io\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://d-s.io/f/\r\nCookie: lang=1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/3 204 No Content\r\naccess-control-allow-origin: https://d-s.io\r\naccess-control-allow-methods: POST,OPTIONS\r\naccess-control-max-age: 86400\r\nvary: Origin, accept-encoding\r\naccess-control-allow-credentials: true\r\ncontent-type: text/plain\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=X0G8007fIzm469Y%2BHak28Ph5u7P5diqIm05ihLbLLpxrJzI%2BE9JwOhJ3mThtDMTB3MIw9sytwPEx0Td9X2SffyNLwQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ndate: Wed, 17 Sep 2025 20:37:26 GMT\r\nserver: cloudflare\r\ncf-ray: 980b66c77f617131-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-08T15:53:20.525245Z","times_seen":14844059,"resource_available":true,"data":null}},"time_used":4,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":4,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"i.doodcdn.io/theme_2/fonts/avertastd-regular-webfont.woff2","fqdn":"i.doodcdn.io","domain":"doodcdn.io","tld":"io"},"ip":{"addr":"172.67.75.50","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:25.196Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"doodcdn.io","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 30 Aug 2025 08:23:08 GMT","end":"Fri, 28 Nov 2025 09:22:48 GMT"},"fingerprint":{"sha1":"41:A0:19:94:CC:EF:97:7B:BF:7D:F2:CD:0C:F4:BC:70:B7:10:69:B3","sha256":"7A:BC:65:69:BD:92:44:70:8B:39:07:C2:CB:6A:FC:86:3D:6C:53:7F:45:1D:B9:98:D8:F3:22:77:EA:BA:2F:7E"}}},"request":{"raw":"GET /theme_2/fonts/avertastd-regular-webfont.woff2 HTTP/1.1\r\nHost: i.doodcdn.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://d-s.io\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://i.doodcdn.io/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 17 Sep 2025 20:37:25 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 23812\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Mon, 03 Jan 2022 15:43:40 GMT\r\ncache-control: max-age=2592000\r\nexpires: Thu, 16 Oct 2025 06:39:36 GMT\r\nvary: User-Agent,Accept-Encoding\r\naccess-control-allow-origin: *\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=RjVRauKhyy7QXp6S7YvBdCd51hY7SbF2iu8uilg0eA8REFI2CgZwWi%2FGNl5h%2FfZ4gfWwaJxo4i4dza97DNB7jpmlFUM4tbz1iqq1\"}]}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-cache-status: HIT\r\nx-accel-buffering: yes\r\nage: 68791\r\naccept-ranges: bytes\r\ncf-ray: 980b66c059ec120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":23812,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 23812, version 1.524","md5":"eb586e5a1b86dbf1c866e3ed80f9d18e","sha1":"280ee78d19c017ab9335f769595e5157d3c4a343","sha256":"714e70103deac0d67f52a6285c5fabee6088ce4d710ce7e74353503837038baf","sha512":"18b5a9996a6d0fd263f778b1ce4b7a84c42febf2dfcd5187bdc74192c156571823e973d6720f45536ef1048a355313169a4f1de1ebc30bdb0989065a1ff9ffea","ssdeep":"384:bdPI9PvaAAoKG+zf3bAVYGlg96u6Z+tUF7ZrzSkorNYlVFLhfkZv9wPXcqEbJtuE:bdPIdCA7+jVhvUFtrzSkMNOp9k99h7dr","tlshash":"c2b2e17ad02cde72f5b6f3a59b2486e2d136d235232333e2151b89ba826170e1d16bd0","first_seen":"2023-04-05T18:53:41Z","last_seen":"2026-05-08T13:47:37.116508Z","times_seen":4178,"resource_available":false,"data":null}},"time_used":15,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":9,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wrathypenitis.help/cuid/?f=https%3A%2F%2Fd-s.io","fqdn":"wrathypenitis.help","domain":"wrathypenitis.help","tld":"help"},"ip":{"addr":"94.242.236.142","port":443,"asn":7979,"as":"SERVERS-COM","country":"Luxembourg","country_code":"LU"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:25.615Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"wrathypenitis.help","organization":""},"issuer":{"commonName":"ZeroSSL RSA Domain Secure Site CA","organization":"ZeroSSL"},"validity":{"start":"Mon, 21 Jul 2025 00:00:00 GMT","end":"Sun, 19 Oct 2025 23:59:59 GMT"},"fingerprint":{"sha1":"57:1C:3C:D5:C1:F2:62:8A:E4:97:AB:47:08:1D:6D:20:A7:31:0F:F1","sha256":"D5:34:58:63:74:58:D1:71:8E:01:AA:80:04:67:17:F5:C4:2B:DD:52:20:24:6B:9C:67:2B:D8:E4:7B:18:74:22"}}},"request":{"raw":"OPTIONS /cuid/?f=https%3A%2F%2Fd-s.io HTTP/1.1\r\nHost: wrathypenitis.help\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nAccess-Control-Request-Method: POST\r\nAccess-Control-Request-Headers: content-type\r\nReferer: https://d-s.io/\r\nOrigin: https://d-s.io\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"OPTIONS"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 17 Sep 2025 20:37:25 GMT\r\ncontent-length: 0\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://d-s.io\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-08T15:53:20.525245Z","times_seen":14844059,"resource_available":true,"data":null}},"time_used":401,"timings":{"blocked":190,"dns":40,"connect":18,"send":0,"wait":24,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-17","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-17","alert":"Sinkholed","trigger":"wrathypenitis.help","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico\u0026hl=en\u0026ifkv=AfYwgwWvj3o8-Tf64ObW9KdnyCcOpaYipZqWszyX3v21Qs-d2aRIG_lr5cG-2nR5UFvkUz7rNJqi\u0026passive=true\u0026service=mail\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin\u0026dsh=S-1493054625%3A1758141446120905","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"64.233.161.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:26.179Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:38:01 GMT","end":"Mon, 01 Dec 2025 08:38:00 GMT"},"fingerprint":{"sha1":"50:D2:49:3C:F8:95:11:7F:74:11:C6:30:B6:82:0C:F4:34:21:2E:47","sha256":"EA:D4:6B:60:2A:3C:4B:39:32:39:92:5B:56:98:4B:5B:00:E5:93:5E:BA:66:43:BD:89:DE:10:FF:76:70:E1:53"}}},"request":{"raw":"GET /v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico\u0026hl=en\u0026ifkv=AfYwgwWvj3o8-Tf64ObW9KdnyCcOpaYipZqWszyX3v21Qs-d2aRIG_lr5cG-2nR5UFvkUz7rNJqi\u0026passive=true\u0026service=mail\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin\u0026dsh=S-1493054625%3A1758141446120905 HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://d-s.io/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Wed, 17 Sep 2025 20:37:26 GMT\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-security-policy: require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport, script-src 'nonce-X_bATqb28LcznTKWSxILhg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com/tools/feedback/ https://www.gstatic.com/feedback/js/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://support.google.com/inapp/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist\r\nreport-to: {\"group\":\"AccountsSignInUi\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi\"}]}\r\naccept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\npermissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"AccountsSignInUi\"\r\ncontent-security-policy-report-only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js https://translate.google.com/translate_a/element.js https://www.google.com/recaptcha/api.js https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.3HBIfyy7sbs.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-08T15:53:20.525245Z","times_seen":14844059,"resource_available":true,"data":null}},"time_used":28,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":28,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"faqirsgoliard.top/gHzOaAdOhbZ/71405","fqdn":"faqirsgoliard.top","domain":"faqirsgoliard.top","tld":"top"},"ip":{"addr":"23.109.170.138","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:24.934Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"faqirsgoliard.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 14 Sep 2025 16:24:24 GMT","end":"Sat, 13 Dec 2025 16:24:23 GMT"},"fingerprint":{"sha1":"43:2F:F5:7A:76:8F:99:D9:28:57:4A:2B:09:D1:33:32:71:41:14:60","sha256":"10:EB:BF:5D:7A:2F:23:5E:E7:3E:EA:48:98:2C:98:4C:C7:05:2A:37:B1:9B:F7:1A:ED:EB:F9:67:E0:5F:C0:4B"}}},"request":{"raw":"GET /gHzOaAdOhbZ/71405 HTTP/1.1\r\nHost: faqirsgoliard.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://d-s.io/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 17 Sep 2025 20:37:25 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://d-s.io\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nx-frame-options: SAMEORIGIN\r\nset-cookie: GL_UI4=eJw9zV1OhDAcBHC%2BWdcFnYQDeASKQHj1xSv4SAr9g3Wh3ZQKensbE32bTH6T8TwvKB7g78kZ4Sdv8MRY13Z1U3VlPXa8GoaubZtyaLqSVc00NbiTW2%2F5sJCNcNpWbmxv9wiXmRQZOfajFpTh0am%2F5qr0oSLEg%2BFKZIhXJ5YM6WD0sZEpQkSKr4T0VRqa9JcT%2FEMbhOy5dlkql%2F0Sgd6KMD8jfZNKuGV%2BQcDKPE883N8Wbidt1l6KxEc8Gy4I%2FgtOI7c0a%2FONVNB2tfoG6EX0%2F%2F73ODxYiUTQLkdCrO07mR%2B4dk3m; expires=Thu, 18-Sep-2025 20:37:25 GMT; Max-Age=86400; path=/; secure; SameSite=None\nGL_GI10=eJwVyM0KgkAUhuE5hxiIJPjA9l6BadnCbbYMXXgFZhEDwxyZGfu5%2B2zxLp5XKcVpAjYTkrrM6yKvDnl5qkBPcNuBRwfdin8PX5AHF0ewd9h0wUrWyOzi8kes%2FgYZbM%2FWfLJe7ByNuABeWjfDzT72l%2F4KmjSBo2gGh3uqQC%2B9%2BwFe7x3U; expires=Thu, 18-Sep-2025 20:37:25 GMT; Max-Age=86400; path=/; secure; SameSite=None\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"4fc71bf68a1d477bd1523733e34d1e90","sha1":"15119105cffbe108b6cf290146ab02c9aa8517ba","sha256":"74c1971a5c7f3f1cfb81b7a0a8717cee5a45841844104566e00bbfca271943ce","sha512":"e8e5f5430841f9cdaad492efce3fed11992913ad2b714b27c6fd147c55b2c56dc1b896635f24c2b180d4215c70ba9a042847d7d9cf3ff8a67b636a4c0ca1ce3d","ssdeep":"","tlshash":"f440000300000000cc300000300300000000000000000c00c000000000000000000000","first_seen":"2023-03-07T01:31:39Z","last_seen":"2026-05-08T13:47:37.011523Z","times_seen":10643,"resource_available":true,"data":null}},"time_used":356,"timings":{"blocked":160,"dns":128,"connect":17,"send":0,"wait":23,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-17","alert":"Sinkholed","trigger":"faqirsgoliard.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-17","alert":"Sinkholed","trigger":"faqirsgoliard.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"parashparyro.com/VlZJaGt5aSobVjMSDx4yZT4ZKj0+AR1YWx4OeCYiBQcfDT09E28cAjJrcF9fZGJ6Ths/MnRZU3AlPQkfIyV0WU0/OC8HVnAgdFlFZnh7Rl5wI3RZTSImKA9WZ3A5HB86a3hfXm5nfVlfYmN9Wl8","fqdn":"parashparyro.com","domain":"parashparyro.com","tld":"com"},"ip":{"addr":"172.67.147.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:25.463Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"parashparyro.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 09 Aug 2025 09:26:17 GMT","end":"Fri, 07 Nov 2025 10:24:46 GMT"},"fingerprint":{"sha1":"32:C6:41:72:32:7B:A7:C6:2C:35:1E:3A:D5:70:8F:39:E4:A3:1D:09","sha256":"D2:C7:33:5D:A8:F9:66:BE:B5:67:9E:B3:44:BC:B2:8B:43:94:6A:85:E6:1E:44:C6:1A:C9:13:30:F1:EA:CA:7E"}}},"request":{"raw":"GET /VlZJaGt5aSobVjMSDx4yZT4ZKj0+AR1YWx4OeCYiBQcfDT09E28cAjJrcF9fZGJ6Ths/MnRZU3AlPQkfIyV0WU0/OC8HVnAgdFlFZnh7Rl5wI3RZTSImKA9WZ3A5HB86a3hfXm5nfVlfYmN9Wl8 HTTP/1.1\r\nHost: parashparyro.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://d-s.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Wed, 17 Sep 2025 20:37:25 GMT\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Zqg3cLjWlDZ4yvS4XKcZ0AlvZygweBegsyW5qzIMxVkQqeE6dMF2YiSTg60O2NR26GyR4yc1ZOt0m8KTjCm0UZWhV%2BpBj4sVWsdxjT2Y\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 980b66c27d20568a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-08T15:53:20.525245Z","times_seen":14844059,"resource_available":true,"data":null}},"time_used":267,"timings":{"blocked":71,"dns":5,"connect":1,"send":0,"wait":121,"receive":1,"ssl":61},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"faqirsgoliard.top/r67c0fc81985e5/70849","fqdn":"faqirsgoliard.top","domain":"faqirsgoliard.top","tld":"top"},"ip":{"addr":"23.109.170.138","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:24.935Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"faqirsgoliard.top","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 14 Sep 2025 16:24:24 GMT","end":"Sat, 13 Dec 2025 16:24:23 GMT"},"fingerprint":{"sha1":"43:2F:F5:7A:76:8F:99:D9:28:57:4A:2B:09:D1:33:32:71:41:14:60","sha256":"10:EB:BF:5D:7A:2F:23:5E:E7:3E:EA:48:98:2C:98:4C:C7:05:2A:37:B1:9B:F7:1A:ED:EB:F9:67:E0:5F:C0:4B"}}},"request":{"raw":"GET /r67c0fc81985e5/70849 HTTP/1.1\r\nHost: faqirsgoliard.top\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://d-s.io/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Wed, 17 Sep 2025 20:37:25 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://d-s.io\r\naccess-control-allow-headers: content-type, megageocheckolololo, x-forwarded-for, x-requested-with, cache-control, pragma, expires\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nset-cookie: GL_UI4=eJw9zV1OhDAcBHC%2BWdcFnYQDeASKQHj1xSv4SAr9g3Wh3ZQKensbE32bTH6T8TwvKB7g78kZ4Sdv8MRY13Z1U3VlPXa8GoaubZtyaLqSVc00NbiTW2%2F5sJCNcNpWbmxv9wiXmRQZOfajFpTh0am%2F5qr0oSLEg%2BFKZIhXJ5YM6WD0sZEpQkSKr4T0VRqa9JcT%2FEMbhOy5dlkql%2F0Sgd6KMD8jfZNKuGV%2BQcDKPE883N8Wbidt1l6KxEc8Gy4I%2FgtOI7c0a%2FONVNB2tfoG6EX0%2F%2F73ODxYiUTQLkdCrO07mR%2B4dk3m; expires=Thu, 18-Sep-2025 20:37:25 GMT; Max-Age=86400; path=/; secure; SameSite=None\nGL_GI10=eJwVyM0KgkAUhuE5hxiIJPjA9l6BadnCbbYMXXgFZhEDwxyZGfu5%2B2zxLp5XKcVpAjYTkrrM6yKvDnl5qkBPcNuBRwfdin8PX5AHF0ewd9h0wUrWyOzi8kes%2FgYZbM%2FWfLJe7ByNuABeWjfDzT72l%2F4KmjSBo2gGh3uqQC%2B9%2BwFe7x3U; expires=Thu, 18-Sep-2025 20:37:25 GMT; Max-Age=86400; path=/; secure; SameSite=None\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":86871,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65535), with no line terminators","md5":"d86a0c81a1d74862eba446404548a96e","sha1":"9bbdd60381487a16ae7eccdbca20497c62156ff2","sha256":"718e449c3e3a5570b916d72f92a11848bd49f25f38b9aabc04be19eb5339a12a","sha512":"2793e8716a3fdafcd5667bfd2e0fbd21e16d60262b84583541da033d524b541cb501a73891c76739bf194761619ee230b30f687642dbae1054f989fe5ac2c83e","ssdeep":"1536:PypLYvztRhsnK6YJ2Zodc440BeDKgErJ5AWvhi5xgqBXuWO1IdH:P+EvpRhsnK8DKjwTOC","tlshash":"708319e0b761b0bd8f8650e5b7369013d1ad2cd4308dd8f4e23e6d147e5294ae1be2e9","first_seen":"2025-09-17T20:41:59.956399Z","last_seen":"2025-09-17T20:41:59.956399Z","times_seen":1,"resource_available":false,"data":null}},"time_used":209,"timings":{"blocked":-1,"dns":127,"connect":20,"send":0,"wait":35,"receive":0,"ssl":27},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-17","alert":"Sinkholed","trigger":"faqirsgoliard.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-17","alert":"Sinkholed","trigger":"faqirsgoliard.top","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"parashparyro.com/SHVQM1NnSjNAbiwYAQM3MiMTZgIGNBRmBSs3FWoXGSMZdwIvMHZHOixIaQNreEBmFSMhEW0CdTsBMUcmO0hhFTomEz8OdT5IYR1gfFtjBX1+UyUOYm4BIFI0dUR2Qyc8GW0CZH1NYQdifEFlAGp/","fqdn":"parashparyro.com","domain":"parashparyro.com","tld":"com"},"ip":{"addr":"172.67.147.152","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:25.406Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"parashparyro.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 09 Aug 2025 09:26:17 GMT","end":"Fri, 07 Nov 2025 10:24:46 GMT"},"fingerprint":{"sha1":"32:C6:41:72:32:7B:A7:C6:2C:35:1E:3A:D5:70:8F:39:E4:A3:1D:09","sha256":"D2:C7:33:5D:A8:F9:66:BE:B5:67:9E:B3:44:BC:B2:8B:43:94:6A:85:E6:1E:44:C6:1A:C9:13:30:F1:EA:CA:7E"}}},"request":{"raw":"GET /SHVQM1NnSjNAbiwYAQM3MiMTZgIGNBRmBSs3FWoXGSMZdwIvMHZHOixIaQNreEBmFSMhEW0CdTsBMUcmO0hhFTomEz8OdT5IYR1gfFtjBX1+UyUOYm4BIFI0dUR2Qyc8GW0CZH1NYQdifEFlAGp/ HTTP/1.1\r\nHost: parashparyro.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://d-s.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 204 No Content\r\ndate: Wed, 17 Sep 2025 20:37:25 GMT\r\naccess-control-allow-origin: *\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KB6hZzr%2B1WfiC79wE5yjS6ws8sfWKc%2FQp0LGnE1c4IwAKFyCmfcFXv0HRWtH5mCu%2BdNARs29GbETqvqvHVeTU469FqEynHZaMcsCjO92\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 980b66c29d32568a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"204","status_text":"No Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-08T15:53:20.525245Z","times_seen":14844059,"resource_available":true,"data":null}},"time_used":376,"timings":{"blocked":144,"dns":15,"connect":1,"send":0,"wait":109,"receive":0,"ssl":99},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=mail\u0026uilel=3\u0026ifkv=AfYwgwWdfyof70p2JoZTegRIxFBiaL8PX0v7QYKoPzOFZ6euLjDrgyKsqKH4m35xmluMCOT1HQ-t","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"64.233.161.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:26.119Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:38:01 GMT","end":"Mon, 01 Dec 2025 08:38:00 GMT"},"fingerprint":{"sha1":"50:D2:49:3C:F8:95:11:7F:74:11:C6:30:B6:82:0C:F4:34:21:2E:47","sha256":"EA:D4:6B:60:2A:3C:4B:39:32:39:92:5B:56:98:4B:5B:00:E5:93:5E:BA:66:43:BD:89:DE:10:FF:76:70:E1:53"}}},"request":{"raw":"GET /InteractiveLogin?continue=https://www.google.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=mail\u0026uilel=3\u0026ifkv=AfYwgwWdfyof70p2JoZTegRIxFBiaL8PX0v7QYKoPzOFZ6euLjDrgyKsqKH4m35xmluMCOT1HQ-t HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://d-s.io/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: text/html; charset=UTF-8\r\nset-cookie: __Host-GAPS=1:SZIcQ9PWkGHGpBny_xSQ6zEkirrNXQ:zIbZls26lE4Fd811;Path=/;Expires=Fri, 17-Sep-2027 20:37:26 GMT;Secure;HttpOnly;Priority=HIGH\r\nx-frame-options: DENY\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Wed, 17 Sep 2025 20:37:26 GMT\r\nlocation: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico\u0026hl=en\u0026ifkv=AfYwgwWvj3o8-Tf64ObW9KdnyCcOpaYipZqWszyX3v21Qs-d2aRIG_lr5cG-2nR5UFvkUz7rNJqi\u0026passive=true\u0026service=mail\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin\u0026dsh=S-1493054625%3A1758141446120905\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-security-policy: script-src 'nonce-IOaxC87TLJz7-QTe0IWlyg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"coop_gse_qebhlk\"\r\nreport-to: {\"group\":\"coop_gse_qebhlk\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gse_qebhlk\"}]}\r\ncontent-encoding: gzip\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-length: 416\r\nserver: GSE\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenGSE","description":"OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.","website":"https://code.google.com/p/opengse","common_platform_enumeration":"","icon":"Google.svg","categories":["Web servers"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-08T15:53:20.525245Z","times_seen":14844059,"resource_available":true,"data":null}},"time_used":37,"timings":{"blocked":2,"dns":0,"connect":0,"send":0,"wait":35,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"nlargeconsult.org/multi?cs=UzczSE5iDgVwemoHBn57ZAQKfHg\u0026abt=0\u0026red=1\u0026sm=76\u0026k=\u0026v=1.0.60.4\u0026sts=0\u0026prn=0\u0026emb=0\u0026tid=901258\u0026rxy=1280_1024\u0026fs=1\u0026ref=https%3A%2F%2Fd-s.io%2Ff%2F\u0026jst=0\u0026enr=0\u0026lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A134.0)%20gecko%2F20100101%20firefox%2F134.0\u0026tzd=0\u0026uloc=\u0026if=0\u0026_sIqh=1758141446114\u0026crc=1","fqdn":"nlargeconsult.org","domain":"nlargeconsult.org","tld":"org"},"ip":{"addr":"3.164.240.108","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:26.123Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"nlargeconsult.org","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M04","organization":"Amazon"},"validity":{"start":"Tue, 12 Aug 2025 00:00:00 GMT","end":"Thu, 10 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"E2:BC:F5:F1:9F:07:7C:68:7E:FC:8F:E3:A7:02:4B:CA:6B:A0:43:D1","sha256":"9F:FE:A9:89:6D:0F:92:69:6F:55:32:24:1E:4B:5D:84:4E:6F:08:02:1C:0A:F2:45:CE:66:8C:46:00:EE:55:1A"}}},"request":{"raw":"GET /multi?cs=UzczSE5iDgVwemoHBn57ZAQKfHg\u0026abt=0\u0026red=1\u0026sm=76\u0026k=\u0026v=1.0.60.4\u0026sts=0\u0026prn=0\u0026emb=0\u0026tid=901258\u0026rxy=1280_1024\u0026fs=1\u0026ref=https%3A%2F%2Fd-s.io%2Ff%2F\u0026jst=0\u0026enr=0\u0026lcua=mozilla%2F5.0%20(windows%20nt%2010.0%3B%20win64%3B%20x64%3B%20rv%3A134.0)%20gecko%2F20100101%20firefox%2F134.0\u0026tzd=0\u0026uloc=\u0026if=0\u0026_sIqh=1758141446114\u0026crc=1 HTTP/1.1\r\nHost: nlargeconsult.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d-s.io\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://d-s.io/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/plain\r\ncontent-length: 1932\r\ndate: Wed, 17 Sep 2025 20:37:26 GMT\r\naccept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List\r\nset-cookie: AWSALB=/LCy/cs7S2qgCP4aPmOxaluQIujQwaxl4cK5kE/O3zXxDs2N/h5v4Yth8uDSuGT/ae6k6ilCbGzc6OT2vqGJ20Ok8RswVukI8MYGoOyj9OBd3hu2xuGAkau6+vj1; Expires=Wed, 24 Sep 2025 20:37:26 GMT; Path=/\nAWSALBCORS=/LCy/cs7S2qgCP4aPmOxaluQIujQwaxl4cK5kE/O3zXxDs2N/h5v4Yth8uDSuGT/ae6k6ilCbGzc6OT2vqGJ20Ok8RswVukI8MYGoOyj9OBd3hu2xuGAkau6+vj1; Expires=Wed, 24 Sep 2025 20:37:26 GMT; Path=/; SameSite=None\ncsu=dd778267-7f72-443d-8665-8f0a8ff4e916\r\nserver: openresty/1.17.8.2\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://d-s.io\r\ncache-control: no-store, no-cache, must-revalidate, no-transform\r\npragma: no-cache\r\np3p: CP=\"NID DSP ALL COR\"\r\ncontent-encoding: gzip\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 bc2ad79bb70175937978804970010644.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: ARN53-P2\r\nx-amz-cf-id: EZ7YdKmF-Asd4JxuLR-hs0Gz8yr9Danc9JVyltPsTO2P_aZ9rHqU_g==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty:1.17.8.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon ALB","description":"Amazon Application Load Balancer (ALB) distributes incoming application traffic to increase availability and support content-based routing.","website":"https://aws.amazon.com/elasticloadbalancing/","common_platform_enumeration":"","icon":"Amazon ELB.svg","categories":["Load balancers"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":3903,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with very long lines (3903), with no line terminators","md5":"a111166dafb94948b88d5b1721455d8b","sha1":"2dc3e319227c861c5450c040444281dc8e794e75","sha256":"71d6c0b179e2c828b00585312baf14275755b4c50164ac8b9f6c3d1a60854dcf","sha512":"68277e8a0d9a49e772a602e724b0134fa489e50fb996477362200df7c9503790ca810b85226ce5a966b264f932c036bd17e0ef21a35541750da07fabb56be51a","ssdeep":"","tlshash":"f5818449740be62f90e9d321986e9c7bfc245f5b139f8ccead2e71c22ca21743531a02","first_seen":"2025-09-17T20:41:59.958959Z","last_seen":"2025-09-17T20:41:59.958959Z","times_seen":1,"resource_available":false,"data":null}},"time_used":226,"timings":{"blocked":45,"dns":19,"connect":8,"send":0,"wait":135,"receive":0,"ssl":17},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-09-17","alert":"Sinkholed","trigger":"nlargeconsult.org","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015","fqdn":"static.cloudflareinsights.com","domain":"cloudflareinsights.com","tld":"com"},"ip":{"addr":"104.16.80.73","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:24.938Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cloudflareinsights.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sun, 24 Aug 2025 02:39:12 GMT","end":"Sat, 22 Nov 2025 03:39:06 GMT"},"fingerprint":{"sha1":"B4:6C:D2:16:CA:52:EE:BD:22:D7:B4:2C:64:FF:A5:EF:67:D8:E1:F8","sha256":"FF:3A:23:84:D6:B2:73:DF:50:6E:1A:45:A4:AB:03:37:0B:C4:4A:8E:82:12:99:10:80:A2:F7:FC:71:E3:BA:1D"}}},"request":{"raw":"GET /beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015 HTTP/1.1\r\nHost: static.cloudflareinsights.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d-s.io\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://d-s.io/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 17 Sep 2025 20:37:24 GMT\r\ncontent-type: text/javascript;charset=UTF-8\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=86400\r\netag: W/\"2024.6.1\"\r\nlast-modified: Thu, 06 Jun 2024 15:52:56 GMT\r\ncross-origin-resource-policy: cross-origin\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 980b66bf1c185ebd-OSL\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":19948,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (19948), with no line terminators","md5":"ec18af6d41f6f278b6aed3bdabffa7bc","sha1":"62c9e2cab76b888829f3c5335e91c320b22329ae","sha256":"8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f","sha512":"669b0e9a545057acbdd3b4c8d1d2811eaf4c776f679da1083e591ff38ae7684467abacef5af3d4aabd9fb7c335692dbca0def63ddac2cd28d8e14e95680c3511","ssdeep":"384:XriNpnjyMkg8XMtExRN1w29JIOzahXtO2nJ65:GijgSWuanfJ65","tlshash":"8d92d7def645723613f76076913f220b733b35a528068459812adbc22c3d98f6267f6e","first_seen":"2024-06-07T09:21:23Z","last_seen":"2026-05-08T15:46:31.910972Z","times_seen":335089,"resource_available":true,"data":null}},"time_used":83,"timings":{"blocked":-1,"dns":23,"connect":1,"send":0,"wait":12,"receive":0,"ssl":47},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ereedmadehimal.org/bkNLelIPISgXbQ9+KVwnHC92X2AoZnk8Nl8le08kHHA4ECEbOnxUMQIsPh40HCwlDnwAJj9fYCgUGC4AJCJ7HSM5Oig0NhRyLzYENDsuKypbGyVPJDwHODUeABEaIBAGLgI8JhgCHwk/OSknLRo/AggyKCMPCj8XLBQ8MCQ/BwYqNjYoGDADAS4HHT4YByIjIy0bIzQZPXIcHhRXNhsvAwMCAy9rNhcKKBg6BQ03Klo2KUoXARUiLz86KgoyGC0kGR8rX3oRDQAdFBMSOj86CjweLRkPNTlbdS4sPVcXJQpnLBsnPDcpNAM5Ylt1Li8fCQETT2srG2YVIgwbOD8fOHJzGBMNDx8UIlsRIUMdCzQsPDcCeiYfAF8wHCI1GxYYFRMkcTw9Fl8vfx8TPHYcFDpaBhMOMCIqCT0eL3MlNwAodAciPlgCDB4wDCk8MDcvZSEJPQAzdi8bWBUTORsbC3sw","fqdn":"ereedmadehimal.org","domain":"ereedmadehimal.org","tld":"org"},"ip":{"addr":"13.33.235.17","port":443,"asn":0,"as":"","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:25.419Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ereedmadehimal.org","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M03","organization":"Amazon"},"validity":{"start":"Sun, 24 Aug 2025 00:00:00 GMT","end":"Tue, 22 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"44:33:67:97:CD:3A:4A:7F:AA:8B:EF:60:BC:A4:20:FC:4F:C1:BD:FB","sha256":"62:37:AD:FC:93:0D:BC:FA:55:E2:16:00:A8:B9:3E:9E:21:7A:D5:04:98:DD:55:8A:33:0B:E6:4D:BE:49:21:63"}}},"request":{"raw":"GET /bkNLelIPISgXbQ9+KVwnHC92X2AoZnk8Nl8le08kHHA4ECEbOnxUMQIsPh40HCwlDnwAJj9fYCgUGC4AJCJ7HSM5Oig0NhRyLzYENDsuKypbGyVPJDwHODUeABEaIBAGLgI8JhgCHwk/OSknLRo/AggyKCMPCj8XLBQ8MCQ/BwYqNjYoGDADAS4HHT4YByIjIy0bIzQZPXIcHhRXNhsvAwMCAy9rNhcKKBg6BQ03Klo2KUoXARUiLz86KgoyGC0kGR8rX3oRDQAdFBMSOj86CjweLRkPNTlbdS4sPVcXJQpnLBsnPDcpNAM5Ylt1Li8fCQETT2srG2YVIgwbOD8fOHJzGBMNDx8UIlsRIUMdCzQsPDcCeiYfAF8wHCI1GxYYFRMkcTw9Fl8vfx8TPHYcFDpaBhMOMCIqCT0eL3MlNwAodAciPlgCDB4wDCk8MDcvZSEJPQAzdi8bWBUTORsbC3sw HTTP/1.1\r\nHost: ereedmadehimal.org\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://d-s.io/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/html\r\ncontent-length: 1205\r\ndate: Wed, 17 Sep 2025 20:37:25 GMT\r\naccept-ch: DPR, Width, Viewport-Width, Device-Memory, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List\r\nset-cookie: AWSALB=Cnz5gBKtvzg4iL2OiqW3aXXf1VGxHkDnkg5c70epc5YaS1p1Da2kqoAn4gG2Zyvvwg5h8/AYX0OtcgLPIMov2U9IZfFu94iV2YRA8putNGE3KiCaonvzn3kGcEuB; Expires=Wed, 24 Sep 2025 20:37:25 GMT; Path=/\nAWSALBCORS=Cnz5gBKtvzg4iL2OiqW3aXXf1VGxHkDnkg5c70epc5YaS1p1Da2kqoAn4gG2Zyvvwg5h8/AYX0OtcgLPIMov2U9IZfFu94iV2YRA8putNGE3KiCaonvzn3kGcEuB; Expires=Wed, 24 Sep 2025 20:37:25 GMT; Path=/; SameSite=None\r\nserver: openresty/1.17.8.2\r\ncache-control: no-store, no-cache, must-revalidate, no-transform\r\npragma: no-cache\r\np3p: CP=\"NID DSP ALL COR\"\r\ncontent-encoding: gzip\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 ada11e6ef81f652681151e34b5c39164.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: HEL51-P7\r\nx-amz-cf-id: JUlGJkEWB8nm5GVTK5zZXFkyEq_fqLTrrxIWyYuX6j-7ZKFNTlU82A==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"OpenResty:1.17.8.2","description":"OpenResty is a web platform based on nginx which can run Lua scripts using its LuaJIT engine.","website":"https://openresty.org","common_platform_enumeration":"","icon":"OpenResty.svg","categories":["Web servers"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Amazon ALB","description":"Amazon Application Load Balancer (ALB) distributes incoming application traffic to increase availability and support content-based routing.","website":"https://aws.amazon.com/elasticloadbalancing/","common_platform_enumeration":"","icon":"Amazon ELB.svg","categories":["Load balancers"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":3056,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (3056), with no line terminators","md5":"098b9ebcc02cdb554c230c5405eaa67e","sha1":"deb7180bf6e40c16ed7d1b344c47d8496b209b2c","sha256":"f674eadb83f135b03325c81fac49fdfa3ebc3ebd82c9e13dd835da0415aeb91d","sha512":"4ad2fc702b3753ff381eb5d6d44294642714dc96127c2fe07e450e105d12858740b18f9c7da29ed75424e6555f093066c50ed7cc4bca126e718fde2368aa8921","ssdeep":"","tlshash":"1251008e34f3a082c2f66065542bb99afa385a95834ccb14867d96bcbc705ed6317f4c","first_seen":"2025-09-17T20:41:59.961863Z","last_seen":"2025-09-17T20:41:59.961863Z","times_seen":1,"resource_available":false,"data":null}},"time_used":324,"timings":{"blocked":93,"dns":37,"connect":19,"send":0,"wait":144,"receive":1,"ssl":27},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/ServiceLogin?passive=true\u0026continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico\u0026uilel=3\u0026hl=en\u0026service=youtube","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"64.233.161.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:25.945Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:38:01 GMT","end":"Mon, 01 Dec 2025 08:38:00 GMT"},"fingerprint":{"sha1":"50:D2:49:3C:F8:95:11:7F:74:11:C6:30:B6:82:0C:F4:34:21:2E:47","sha256":"EA:D4:6B:60:2A:3C:4B:39:32:39:92:5B:56:98:4B:5B:00:E5:93:5E:BA:66:43:BD:89:DE:10:FF:76:70:E1:53"}}},"request":{"raw":"GET /ServiceLogin?passive=true\u0026continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico\u0026uilel=3\u0026hl=en\u0026service=youtube HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://d-s.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: application/binary\r\nset-cookie: __Host-GAPS=1:SEm-OVxH-2JSO5VJu7qSchjXQE0yxg:HBSsfBlsfjNb2Mqa; Expires=Fri, 17-Sep-2027 20:37:26 GMT; Path=/; Secure; HttpOnly; Priority=HIGH\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Wed, 17 Sep 2025 20:37:26 GMT\r\nlocation: https://accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026ifkv=AfYwgwVQY5gQkEO033ybhqi9_XVjx2SA29yIF_F53aKrQ4_VHnLKMJN-uCZmfXtSh62tlPdLhsmg\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-0uXAhlTWSlQ-fTiU9wYYYw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist\r\naccept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\npermissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*\r\ncross-origin-opener-policy: unsafe-none\r\ncross-origin-resource-policy: cross-origin\r\nserver: ESF\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-08T15:53:20.525245Z","times_seen":14844059,"resource_available":true,"data":null}},"time_used":196,"timings":{"blocked":83,"dns":0,"connect":17,"send":0,"wait":24,"receive":0,"ssl":69},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d-s.io/favicon.ico","fqdn":"d-s.io","domain":"d-s.io","tld":"io"},"ip":{"addr":"104.26.4.34","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:25.949Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"d-s.io","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 28 Jul 2025 17:31:26 GMT","end":"Sun, 26 Oct 2025 18:31:21 GMT"},"fingerprint":{"sha1":"A5:9E:DD:39:BC:D0:D3:1C:5E:0F:69:58:0D:36:54:CB:A5:E3:E6:F9","sha256":"74:2B:9E:A8:87:1C:98:DA:61:BF:3B:46:A9:98:6B:CA:C3:3E:03:0C:40:B8:5E:77:ED:50:9C:BA:76:DA:D8:B4"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: d-s.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://d-s.io/f/\r\nCookie: lang=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 17 Sep 2025 20:37:25 GMT\r\ncontent-type: image/x-icon\r\ncontent-length: 15406\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Mon, 03 Jan 2022 15:38:36 GMT\r\netag: \"61d3187c-3c2e\"\r\nexpires: Sun, 28 Sep 2025 04:59:53 GMT\r\ncache-control: public, max-age=2592000, no-transform\r\naccess-control-allow-origin: *\r\ncf-cache-status: HIT\r\nx-accel-buffering: yes\r\nage: 1697852\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=y9w3bPtRtwYeQ3uB37YfYD7Uzk7pnUACcOQeGP8bv53y48PkYRoz3Zfj7sPeVsosEWPIOnRCc8yg8H%2B%2FR4o6oliBKQ%3D%3D\"}]}\r\nvary: accept-encoding\r\naccept-ranges: bytes\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-ray: 980b66c50f3c7131-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":15406,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel","md5":"30d3656f43c817e38c3e7d70b2bfbdad","sha1":"1aa43b43755e7cba5e145d0978517f7bedad7da6","sha256":"a558a4796f60f07743027eec96b538b2e7758cca8c544ed796ff745837478555","sha512":"75b17478d6d98ab14fd4d37d58c9484df68bc3ccc6d26897527eb565d4071c4b7128feb0f65449ce369c99bf12da97959426c5b03256e9782ee472cea81bbef5","ssdeep":"24:nG2q35msJnnnnnnnnnnslLD4zgxgJ0Oqr5646dUlZIJ/KuJmy81DwlJ8SAFf9tam:NBOzgxgJ0Z44Pi1Yy8+fVGfyfqxtb/","tlshash":"14623db4790b1355da125df9dca9ce66834cbe9b1a38029fb154febc306b4c74e18831","first_seen":"2023-04-05T18:53:41Z","last_seen":"2026-05-08T13:47:37.083899Z","times_seen":3641,"resource_available":false,"data":null}},"time_used":23,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":20,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/InteractiveLogin?continue=https://www.youtube.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026ifkv=AfYwgwVQY5gQkEO033ybhqi9_XVjx2SA29yIF_F53aKrQ4_VHnLKMJN-uCZmfXtSh62tlPdLhsmg","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"64.233.161.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:26.117Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:38:01 GMT","end":"Mon, 01 Dec 2025 08:38:00 GMT"},"fingerprint":{"sha1":"50:D2:49:3C:F8:95:11:7F:74:11:C6:30:B6:82:0C:F4:34:21:2E:47","sha256":"EA:D4:6B:60:2A:3C:4B:39:32:39:92:5B:56:98:4B:5B:00:E5:93:5E:BA:66:43:BD:89:DE:10:FF:76:70:E1:53"}}},"request":{"raw":"GET /InteractiveLogin?continue=https://www.youtube.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026ifkv=AfYwgwVQY5gQkEO033ybhqi9_XVjx2SA29yIF_F53aKrQ4_VHnLKMJN-uCZmfXtSh62tlPdLhsmg HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://d-s.io/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: text/html; charset=UTF-8\r\nset-cookie: __Host-GAPS=1:0S-h2uwRas5ToOf6yLuxOAjHuawVHw:aA81C5b2KFFzwOzG;Path=/;Expires=Fri, 17-Sep-2027 20:37:26 GMT;Secure;HttpOnly;Priority=HIGH\r\nx-frame-options: DENY\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Wed, 17 Sep 2025 20:37:26 GMT\r\nlocation: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Fwww.youtube.com%2Ffavicon.ico\u0026hl=en\u0026ifkv=AfYwgwUor825dBCUq8legbf_uBsgqSMjkrb7UrcTK2vjOWR8fkE1U0g3iv1o4F9_aSqzQj4luotN\u0026passive=true\u0026service=youtube\u0026uilel=3\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin\u0026dsh=S-703681525%3A1758141446117558\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-security-policy: script-src 'nonce-DMxWGzy5InTLS13iKV7K1w' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"coop_gse_qebhlk\"\r\nreport-to: {\"group\":\"coop_gse_qebhlk\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gse_qebhlk\"}]}\r\ncontent-encoding: gzip\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-length: 415\r\nserver: GSE\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenGSE","description":"OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.","website":"https://code.google.com/p/opengse","common_platform_enumeration":"","icon":"Google.svg","categories":["Web servers"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-08T15:53:20.525245Z","times_seen":14844059,"resource_available":true,"data":null}},"time_used":34,"timings":{"blocked":3,"dns":0,"connect":0,"send":0,"wait":31,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"d1f05vr3sjsuy7.cloudfront.net/?srvfd=908056","fqdn":"d1f05vr3sjsuy7.cloudfront.net","domain":"d1f05vr3sjsuy7.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"54.230.245.227","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:24.933Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cloudfront.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Mon, 05 May 2025 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8F:00:F1:34:A7:1E:27:1C:CF:CD:A6:53:8B:C4:82:B0:68:BC:C8:72","sha256":"60:38:9D:24:9E:41:8F:23:AC:D9:14:5C:A3:47:7E:AF:07:DB:9F:2D:6A:8C:0D:08:E9:24:8A:8E:49:A9:4D:28"}}},"request":{"raw":"GET /?srvfd=908056 HTTP/1.1\r\nHost: d1f05vr3sjsuy7.cloudfront.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://d-s.io/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-length: 106733\r\naccess-control-allow-origin: *\r\ncache-control: no-store, no-cache, proxy-revalidate, must-revalidate, private, no-transform\r\ncontent-encoding: gzip\r\npragma: no-cache\r\ndate: Wed, 17 Sep 2025 20:37:24 GMT\r\nx-cache: Miss from cloudfront\r\nvia: 1.1 a343e36742f64defd0a2caf1f96ff772.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: mqzX7Mnv_8ga8aEkhxq6b7NLfnhfVfwki1txxeHXebO5e-CGhPo66w==\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":320377,"size_decoded":0,"mime_type":"text/plain","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (38488)","md5":"ffbfbed3e5b3cf1d370b2e233b861cdd","sha1":"6568c3954d62f3aa32379a73125ec8fe7bb5f123","sha256":"243f8621ee59342ac0f42143b76c176ba455f2c732559b555eea7347c4b6d34f","sha512":"64edfa72da9dc7a16a94575145113217f5ade9681ce00c89f98c52811ae3039beecba9e259c197f2c7069963e447ab1d066bbcb6ba17dcf1d1f229974b1f4684","ssdeep":"3072:XBUNPgDYzi07L02raYDbe+Y5UKS+7L0x2iUcLqg1Lm6b24VyvvKjmC+Zc53+Zc0u:XuN4DUi07w2rnXt39pVqxZU3+iAS","tlshash":"9b644c89ba923529836374b540bf634ab23f4569bc0849d4f096e4d07db8e49437ffac","first_seen":"2025-09-17T20:41:59.964685Z","last_seen":"2025-09-17T20:41:59.964685Z","times_seen":1,"resource_available":false,"data":null}},"time_used":480,"timings":{"blocked":76,"dns":52,"connect":1,"send":0,"wait":178,"receive":144,"ssl":26},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-17","alert":"Sinkholed","trigger":"d1f05vr3sjsuy7.cloudfront.net","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"i.doodcdn.io/theme_2/fonts/avertastd-black-webfont.woff2","fqdn":"i.doodcdn.io","domain":"doodcdn.io","tld":"io"},"ip":{"addr":"172.67.75.50","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:25.195Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"doodcdn.io","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 30 Aug 2025 08:23:08 GMT","end":"Fri, 28 Nov 2025 09:22:48 GMT"},"fingerprint":{"sha1":"41:A0:19:94:CC:EF:97:7B:BF:7D:F2:CD:0C:F4:BC:70:B7:10:69:B3","sha256":"7A:BC:65:69:BD:92:44:70:8B:39:07:C2:CB:6A:FC:86:3D:6C:53:7F:45:1D:B9:98:D8:F3:22:77:EA:BA:2F:7E"}}},"request":{"raw":"GET /theme_2/fonts/avertastd-black-webfont.woff2 HTTP/1.1\r\nHost: i.doodcdn.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://d-s.io\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://i.doodcdn.io/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Wed, 17 Sep 2025 20:37:25 GMT\r\ncontent-type: font/woff2\r\ncontent-length: 22820\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nlast-modified: Mon, 03 Jan 2022 15:43:40 GMT\r\ncache-control: max-age=2592000\r\nexpires: Thu, 16 Oct 2025 03:24:27 GMT\r\nvary: User-Agent,Accept-Encoding\r\naccess-control-allow-origin: *\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=HoZJlsBe71kAMLxECzWZaonHCFGJDb%2BYlXEegzmJ3DbzIJkY3MafF0jXVcPzBSlGG2uKEfvEkxf1zerTgHE0dPgu0EnhbQsbGXlb\"}]}\r\nspeculation-rules: \"/cdn-cgi/speculation\"\r\ncf-cache-status: HIT\r\nx-accel-buffering: yes\r\nage: 66145\r\naccept-ranges: bytes\r\ncf-ray: 980b66c059ed120a-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":22820,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 22820, version 1.0","md5":"1e976387cb594982692bdbdffde86f91","sha1":"9546836a7d80c17d85cdd37a9553852f00af031b","sha256":"4dc982a61a00481f4c9545f9f2da64098428b4aec96838de3c194fa82373ce1d","sha512":"f63f58e1dfe0c08f3c262ef14bd4567c8604873486b50ce31d4d1db8976926f0bb65ffd792181144da049f74a362d52114277bedd5fd75f5b067aa2269c95155","ssdeep":"384:Dmtr9L0ILBYhzpVK87bfeTGzgdLN0vdCmyfA+IUF9/LgLnq/g4J6:DO9L/BYhdQSDea0/Dm9NUTMbqIm6","tlshash":"dfa2d0eef042f863db1207a4857f222187b7a8ec41021d13fe2f6259d4a1d456db2db7","first_seen":"2023-04-08T19:13:00Z","last_seen":"2026-05-08T13:29:35.148751Z","times_seen":1547,"resource_available":false,"data":null}},"time_used":16,"timings":{"blocked":0,"dns":1,"connect":0,"send":0,"wait":12,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"undefined/VGhTYnY1CjAPSTVVMUQDJgRuR0QSTWEkEmUOY1cAJlsgCAUhEWRMFTgHJgYQJgc9Flg6DSdHRBItHjUzZgwWUyUQBDQxFT89GjcdOFgRDiMRORtWLhE9AjA9Ix8VJQEwAgQjQgUgOVcTEFgJKD9lHwA6Hw1eAiAVET05DjoWOScnF2VYEjU0Gh8VFSQNLmAjNwZZMDM6IxAFJzcRGxcjDg4sOjASED43MBBnDAYlMwYHElMzMSkqMBAWPjgmJjw6ByAeO10VJDsTOgtSEAE6HSoyLDoHIBEZAwtTFRc9C1cMBikBJzgFDAUnRjc4FSQ7Eyo5ESMBBn4GMDIPBTI0OFk8I0cSOhYxQzUsOywxFx8dMDRkOmojMBEgBjpOFipiWjEfLjAtIjgudlAwMFkSJCcTJREwRhoiNSNQPhs8DAZpBj4RHgYfIhRE","fqdn":"undefined","domain":"undefined","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"subdocument","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:25.473Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /VGhTYnY1CjAPSTVVMUQDJgRuR0QSTWEkEmUOY1cAJlsgCAUhEWRMFTgHJgYQJgc9Flg6DSdHRBItHjUzZgwWUyUQBDQxFT89GjcdOFgRDiMRORtWLhE9AjA9Ix8VJQEwAgQjQgUgOVcTEFgJKD9lHwA6Hw1eAiAVET05DjoWOScnF2VYEjU0Gh8VFSQNLmAjNwZZMDM6IxAFJzcRGxcjDg4sOjASED43MBBnDAYlMwYHElMzMSkqMBAWPjgmJjw6ByAeO10VJDsTOgtSEAE6HSoyLDoHIBEZAwtTFRc9C1cMBikBJzgFDAUnRjc4FSQ7Eyo5ESMBBn4GMDIPBTI0OFk8I0cSOhYxQzUsOywxFx8dMDRkOmojMBEgBjpOFipiWjEfLjAtIjgudlAwMFkSJCcTJREwRhoiNSNQPhs8DAZpBj4RHgYfIhRE HTTP/1.1\r\nHost: undefined\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://d-s.io/\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: iframe\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-08T15:53:20.525245Z","times_seen":14844059,"resource_available":true,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-09-17","alert":"Sinkholed","trigger":"undefined","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-09-17","alert":"Sinkholed","trigger":"undefined","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.blockadsnot.com/baja.min.css","fqdn":"www.blockadsnot.com","domain":"blockadsnot.com","tld":"com"},"ip":{"addr":"185.76.9.27","port":443,"asn":60068,"as":"Datacamp Limited","country":"Sweden","country_code":"SE"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:25.480Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1158060716.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E7","organization":"Let's Encrypt"},"validity":{"start":"Wed, 03 Sep 2025 10:34:08 GMT","end":"Tue, 02 Dec 2025 10:34:07 GMT"},"fingerprint":{"sha1":"60:CF:7E:2C:6E:13:F4:1E:36:B3:30:14:19:AC:C6:DE:E9:70:38:19","sha256":"7F:D2:92:27:FA:D2:49:61:62:FD:66:63:E6:23:41:B9:C3:73:FA:A2:9C:04:2D:0D:01:BD:C9:65:72:34:16:4F"}}},"request":{"raw":"GET /baja.min.css HTTP/1.1\r\nHost: www.blockadsnot.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://d-s.io\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://d-s.io/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 17 Sep 2025 20:37:25 GMT\r\ncontent-type: application/x-javascript\r\npopads-node: wb9\r\nexpires: Wed, 24 Sep 2025 18:32:01 GMT\r\naccess-control-allow-origin: https://d-s.io\r\nlink: \u003chttps://blockadsnot.com/\u003e;rel=preconnect\r\ncache-control: public, max-age=604800\r\nx-77-nzt: EwwBuUwJGwH3Yh0AAAgBuUwKEwFBDAHDta8CAbcCAAAA\r\nx-77-nzt-ray: fdb541239f7da89a051ccb68bf46cb1e\r\nx-77-cache: HIT\r\nx-77-age: 7522\r\nvary: Accept-Encoding, Origin\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: stockholmSE\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":41934,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (1568)","md5":"caa43968930b7910e7ffc949567e1a08","sha1":"9aa54bfc8750ca9758fc990d8db6cab89f3824ba","sha256":"2ef6e7ca477adec78def215404c4d5d62aedf54a0e888a9373216a48d819b22f","sha512":"3734e98de49bbea5513c3c6421769237bd60c2bc31667751a09bc7d1778de552b2c932927ff848c79925611bd992b84b1e7396e84f08b7c748a94e686632969f","ssdeep":"768:bt9rqAYKKKZzFQ9JsQU+YDngZGihfzmMzhYrTsAysncCWcf5k5sigCOoCntlqorf:bbJZzFQ9JsTgZvfzmMzhYrTscpVZl","tlshash":"341329aab286282601e741ba503eb317b233051679129458fcb9cdf96e3ddc6117b7fc","first_seen":"2025-09-17T20:41:59.968191Z","last_seen":"2025-09-22T17:58:31.394791Z","times_seen":2,"resource_available":true,"data":null}},"time_used":110,"timings":{"blocked":52,"dns":15,"connect":7,"send":0,"wait":8,"receive":0,"ssl":24},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/ServiceLogin?passive=true\u0026continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico\u0026uilel=3\u0026hl=en\u0026service=mail","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"64.233.161.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:25.944Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 08 Sep 2025 08:38:01 GMT","end":"Mon, 01 Dec 2025 08:38:00 GMT"},"fingerprint":{"sha1":"50:D2:49:3C:F8:95:11:7F:74:11:C6:30:B6:82:0C:F4:34:21:2E:47","sha256":"EA:D4:6B:60:2A:3C:4B:39:32:39:92:5B:56:98:4B:5B:00:E5:93:5E:BA:66:43:BD:89:DE:10:FF:76:70:E1:53"}}},"request":{"raw":"GET /ServiceLogin?passive=true\u0026continue=https%3A%2F%2Fwww.google.com%2Ffavicon.ico\u0026uilel=3\u0026hl=en\u0026service=mail HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://d-s.io/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: application/binary\r\nset-cookie: __Host-GAPS=1:3OQCkIEqCYABEoZCSz1_tQwcIpSH6Q:0_EESBjIhwWR3S0T; Expires=Fri, 17-Sep-2027 20:37:26 GMT; Path=/; Secure; HttpOnly; Priority=HIGH\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Wed, 17 Sep 2025 20:37:26 GMT\r\nlocation: https://accounts.google.com/InteractiveLogin?continue=https://www.google.com/favicon.ico\u0026hl=en\u0026passive=true\u0026service=mail\u0026uilel=3\u0026ifkv=AfYwgwWdfyof70p2JoZTegRIxFBiaL8PX0v7QYKoPzOFZ6euLjDrgyKsqKH4m35xmluMCOT1HQ-t\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\ncontent-security-policy: script-src 'nonce-oqH0PL54TPAd2a_cpSfFRw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist, require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport\r\naccept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\npermissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*\r\ncross-origin-opener-policy: unsafe-none\r\nserver: ESF\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-05-08T15:53:20.525245Z","times_seen":14844059,"resource_available":true,"data":null}},"time_used":206,"timings":{"blocked":88,"dns":0,"connect":14,"send":0,"wait":26,"receive":0,"ssl":72},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ukankingwithea.com/","fqdn":"ukankingwithea.com","domain":"ukankingwithea.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"fetch","requested_by":"https://d-s.io/f/","date":"2025-09-17T20:37:25.952Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"ukankingwithea.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Mon, 25 Aug 2025 14:13:33 GMT","end":"Sun, 23 Nov 2025 15:11:16 GMT"},"fingerprint":{"sha1":"1A:11:63:8A:09:D9:A9:1F:C1:06:34:29:E0:E0:95:E7:BA:BC:63:A3","sha256":"20:A6:48:1D:DB:42:37:88:BF:13:AD:64:91:6B:C4:6D:02:EA:D4:98:E1:E5:88:85:C0:D3:03:48:B4:F1:11:49"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: ukankingwithea.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://d-s.io/\r\nOrigin: https://d-s.io\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 17 Sep 2025 20:37:26 GMT\r\ncontent-type: text/plain\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\naccess-control-allow-origin: https://d-s.io\r\naccess-control-allow-credentials: true\r\naccess-control-allow-methods: GET\r\naccess-control-allow-headers: X-Requested-With, content-type\r\ncf-cache-status: DYNAMIC\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dj1NQr4wD7v%2Bg9qelQ7rUaYoR4MwWWENxoMRxT5sYZskZ6g6YhPSdF%2BrUPK1XWGLP1qJTCq%2BCdPuS%2Bzm%2BB043KzAv9jxJ8BbcqolgH1xYhg%3D\"}]}\r\ncontent-encoding: br\r\nset-cookie: csu=1432601879259654@1@1758141446; SameSite=None; Secure; Max-Age=31104000\r\ncf-ray: 980b66c59a7556aa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":27,"size_decoded":0,"mime_type":"text/plain","magic":"ASCII text, with no line terminators","md5":"bb46ee2fca9abe7d63127fea142293d3","sha1":"66047d4bed0698bd42006403c4d1c4a69bee5578","sha256":"0bad336580d83ee38d977de922486ea19fd716d9df28475c5882cbf49dacbf8a","sha512":"272308c50f7885b1559f188435aa4ecad59b9ba2862f862138245a3175a7c4ef53b58736809021253780c8d86d7c321abc0e2387b94d218b072b5c2fdeae3c72","ssdeep":"","tlshash":"69800028ea8002e28280b8820008200220208008a82ecb0ea822a0002022208a0c3b08","first_seen":"2025-09-17T20:41:59.970726Z","last_seen":"2025-09-17T20:41:59.970726Z","times_seen":1,"resource_available":false,"data":null}},"time_used":297,"timings":{"blocked":83,"dns":30,"connect":1,"send":0,"wait":128,"receive":0,"ssl":46},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}