{"report_id":"6d4ef0b1-45d7-4ece-a2a2-a5383fac6176","version":6,"status":"done","tags":[],"date":"2026-02-26T14:59:12Z","url":{"schema":"http","addr":"buxgifts.click","fqdn":"buxgifts.click","domain":"buxgifts.click","tld":"click"},"ip":{"addr":"91.218.49.169","port":0,"asn":0,"as":"","country":"Ukraine","country_code":"UA"},"final":{"url":{"schema":"https","addr":"buxgifts.click/","fqdn":"buxgifts.click","domain":"buxgifts.click","tld":"click"},"title":"Add Robux","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"buxgifts.click","fqdn":"buxgifts.click","domain":"buxgifts.click","tld":"click"},"ip":{"addr":"91.218.49.169","port":0,"asn":0,"as":"","country":"Ukraine","country_code":"UA"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-04-02T14:59:12Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":5}},"detection":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-26","alert":"Phishing Block","trigger":"buxgifts.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"buxgifts.click","ip":{"addr":"91.218.49.169","port":443,"asn":0,"as":"","country":"Ukraine","country_code":"UA"},"domain_registered":"2026-01-05","domain_rank":0,"first_seen":"2026-02-26T14:59:12.516401Z","last_seen":"2026-02-26T14:59:12.516401Z","alert_count":65,"request_count":13,"received_data":556668,"sent_data":5720,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]},{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Google Hosted Libraries","description":"Google Hosted Libraries is a stable, reliable, high-speed, globally available content distribution network for the most popular, open-source JavaScript libraries.","website":"https://developers.google.com/speed/libraries","common_platform_enumeration":"","icon":"Google Developers.svg","categories":["CDN"]},{"name":"jQuery:2.1.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"particles.js","description":"Particles.js is a JavaScript library for creating particles.","website":"https://github.com/VincentGarreau/particles.js","common_platform_enumeration":"","icon":"","categories":["JavaScript graphics"]},{"name":"PHP:7.2.34","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"cdn.linearicons.com","ip":{"addr":"138.199.37.231","port":443,"asn":60068,"as":"Datacamp Limited","country":"Germany","country_code":"DE"},"domain_registered":"2013-12-10","domain_rank":393482,"first_seen":"2016-09-23T07:43:41Z","last_seen":"2026-02-20T08:01:15.121574Z","alert_count":0,"request_count":1,"received_data":8268,"sent_data":449,"comment":"","tags":null,"fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-02-22T22:18:02.864626Z","alert_count":0,"request_count":2,"received_data":30531,"sent_data":951,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"ajax.googleapis.com","ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":3691,"first_seen":"2012-05-22T10:38:03Z","last_seen":"2026-02-22T23:01:24.734653Z","alert_count":0,"request_count":1,"received_data":85366,"sent_data":443,"comment":"","tags":null,"fingerprints":null},{"fqdn":"da4talg8ap14y.cloudfront.net","ip":{"addr":"54.230.241.17","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2008-04-25","domain_rank":0,"first_seen":"2025-11-23T12:28:41.934647Z","last_seen":"2026-02-21T23:46:32.506038Z","alert_count":0,"request_count":1,"received_data":27798,"sent_data":426,"comment":"","tags":null,"fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-02-22T22:14:59.650342Z","alert_count":0,"request_count":5,"received_data":392420,"sent_data":2762,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2026-02-22T22:27:51.54973Z","alert_count":0,"request_count":2,"received_data":139812,"sent_data":1049,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":null,"eval":null,"write":null,"console":null},"http":[{"url":{"schema":"https","addr":"buxgifts.click/assets/css/bootstrap.min.css","fqdn":"buxgifts.click","domain":"buxgifts.click","tld":"click"},"ip":{"addr":"91.218.49.169","port":443,"asn":0,"as":"","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://buxgifts.click/","date":"2026-02-26T14:58:49.484Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.buxgifts.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 23 Jan 2026 08:32:47 GMT","end":"Thu, 23 Apr 2026 08:32:46 GMT"},"fingerprint":{"sha1":"8E:4D:4C:4A:EA:1B:3D:CF:7E:5B:FE:93:72:FF:39:06:C6:F1:6E:1D","sha256":"80:EB:6C:96:A3:EC:C2:8F:18:86:A0:25:6F:F4:48:FF:00:87:3C:7D:F4:DE:21:9D:D6:11:12:71:68:86:71:DA"}}},"request":{"raw":"GET /assets/css/bootstrap.min.css HTTP/1.1\r\nHost: buxgifts.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://buxgifts.click/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Thu, 05 Mar 2026 14:58:49 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 23 Jan 2026 09:28:27 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 19930\r\ndate: Thu, 26 Feb 2026 14:58:49 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":153111,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (65300)","md5":"bbf4700154b05c5746c74bd564a029a0","sha1":"ab7488a15c939ad7c54aad790430b7b9a2d77eae","sha256":"0267260045096457f26914277f49eef5da5ec54ac6aee8579be4810332e518b6","sha512":"b61a21daf781df9a239408726190b479aced4c0521c4bbd26655ab36d955d359e3aacfd4758df8db5260ee55f41aaf5245d19541e2fcc5e069f71d483f22f5c1","ssdeep":"1536:TtfJxYrkplD+sEBpy0cuJc222DWg5SNVUpz600I4fS:TtfJ1NVUpz600I4fS","tlshash":"40e383dbf581241dd4a7c219a4d1bffd052f5686e3025eabb0277bb88b492c70963e4c","first_seen":"2023-04-05T06:29:21Z","last_seen":"2026-06-07T03:25:45.898568Z","times_seen":1295,"resource_available":false,"data":null}},"time_used":88,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":87,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-26","alert":"Phishing Block","trigger":"buxgifts.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"buxgifts.click/assets/css/animate.min.css","fqdn":"buxgifts.click","domain":"buxgifts.click","tld":"click"},"ip":{"addr":"91.218.49.169","port":443,"asn":0,"as":"","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://buxgifts.click/","date":"2026-02-26T14:58:49.486Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.buxgifts.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 23 Jan 2026 08:32:47 GMT","end":"Thu, 23 Apr 2026 08:32:46 GMT"},"fingerprint":{"sha1":"8E:4D:4C:4A:EA:1B:3D:CF:7E:5B:FE:93:72:FF:39:06:C6:F1:6E:1D","sha256":"80:EB:6C:96:A3:EC:C2:8F:18:86:A0:25:6F:F4:48:FF:00:87:3C:7D:F4:DE:21:9D:D6:11:12:71:68:86:71:DA"}}},"request":{"raw":"GET /assets/css/animate.min.css HTTP/1.1\r\nHost: buxgifts.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://buxgifts.click/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Thu, 05 Mar 2026 14:58:49 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 23 Jan 2026 09:28:27 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 4828\r\ndate: Thu, 26 Feb 2026 14:58:49 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":71750,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (65348)","md5":"c0be8e53226ac34833fd9b5dbc01ebc5","sha1":"b81ef1b22de26af8a7a4656f565fbc91a69d7518","sha256":"5fbaeb9f8e25d7e0143bae61d4b1802c16ce7390b96ceb2d498b0d96ff4c853f","sha512":"738daa4d2c3fc0f677ff92c1cc3f81c397fb6d2176a31a2eeb011bf88fe5a9e68a57914321f32fbd1a7bef6cb88dc24b2ae1943a96c931d83f053979d1f25803","ssdeep":"1536:h6uNQ3fdPwwanleMf72yMPkZ8PFwh1nAukdDO3Xyr5Ir5eh0dTo:AkZgwh1nAukdDO3Xyr5Ir5eh0dTo","tlshash":"a66329ae4891128990230f6787cd5ea84b3dc6a355721cee33552c0b8b46fee73de617","first_seen":"2023-04-05T05:17:37Z","last_seen":"2026-06-07T15:14:17.712504Z","times_seen":29939,"resource_available":false,"data":null}},"time_used":87,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":87,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-26","alert":"Phishing Block","trigger":"buxgifts.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"buxgifts.click/assets/css/a-c-c1.css","fqdn":"buxgifts.click","domain":"buxgifts.click","tld":"click"},"ip":{"addr":"91.218.49.169","port":443,"asn":0,"as":"","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://buxgifts.click/","date":"2026-02-26T14:58:49.495Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.buxgifts.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 23 Jan 2026 08:32:47 GMT","end":"Thu, 23 Apr 2026 08:32:46 GMT"},"fingerprint":{"sha1":"8E:4D:4C:4A:EA:1B:3D:CF:7E:5B:FE:93:72:FF:39:06:C6:F1:6E:1D","sha256":"80:EB:6C:96:A3:EC:C2:8F:18:86:A0:25:6F:F4:48:FF:00:87:3C:7D:F4:DE:21:9D:D6:11:12:71:68:86:71:DA"}}},"request":{"raw":"GET /assets/css/a-c-c1.css HTTP/1.1\r\nHost: buxgifts.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://buxgifts.click/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Thu, 05 Mar 2026 14:58:49 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 23 Jan 2026 09:28:27 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 437\r\ndate: Thu, 26 Feb 2026 14:58:49 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1134,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"4bf396f5cc23434d72b75a79747a86d7","sha1":"24fe2581460a181b19c8eff35d30e3f2121a5e0a","sha256":"48ff3b1d77cd903c710321a1c72b0f8781b680063fe0cf6af97742b8f289ff4a","sha512":"0b204fe46463d70127dc36703d714a9f138114d3412243275d92d846f3cd2722a03179fe26591aa15743adfde7a7c1c271aad778de00eea85b6e24e3136e8c18","ssdeep":"","tlshash":"9821796ab08610def35287d7ba39c220ea5ca1bee808c72db53d94ed631309894b3506","first_seen":"2025-08-13T10:44:08.443025Z","last_seen":"2026-05-31T15:10:14.261642Z","times_seen":75,"resource_available":false,"data":null}},"time_used":84,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":84,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-26","alert":"Phishing Block","trigger":"buxgifts.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"buxgifts.click/assets/js/main.js","fqdn":"buxgifts.click","domain":"buxgifts.click","tld":"click"},"ip":{"addr":"91.218.49.169","port":443,"asn":0,"as":"","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://buxgifts.click/","date":"2026-02-26T14:58:49.507Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.buxgifts.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 23 Jan 2026 08:32:47 GMT","end":"Thu, 23 Apr 2026 08:32:46 GMT"},"fingerprint":{"sha1":"8E:4D:4C:4A:EA:1B:3D:CF:7E:5B:FE:93:72:FF:39:06:C6:F1:6E:1D","sha256":"80:EB:6C:96:A3:EC:C2:8F:18:86:A0:25:6F:F4:48:FF:00:87:3C:7D:F4:DE:21:9D:D6:11:12:71:68:86:71:DA"}}},"request":{"raw":"GET /assets/js/main.js HTTP/1.1\r\nHost: buxgifts.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://buxgifts.click/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Fri, 23 Jan 2026 09:28:27 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 3828\r\ndate: Thu, 26 Feb 2026 14:58:49 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":19159,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with CRLF line terminators","md5":"fe7166285f2074b1c4ffb3667bb99889","sha1":"3c7a69b2672a5db7e883640cb105ee6ab9018ac4","sha256":"08a53a61a946eb98ac84d93c834b5cce62cae1ce154fb445b77fcf8c0e11acaf","sha512":"12ed67c9d48a62ff67ad22e2273fd746ca1a09f942470b74f78deda2dc4da188e1e70e3b73dbf849cbc56649b597b0810bf2f8d958c3b1f61b3adf389dae82dd","ssdeep":"384:UnJi5ZOtw2RwFZE5+U62IgH1a010ytpfJl50mM4B:vKNw0+U62jH4010gj50mMc","tlshash":"688230a1732d54bba3b77363403f855aec3de872840201fafa7c644c6b74954a326d6e","first_seen":"2023-03-10T21:16:50Z","last_seen":"2026-06-07T00:37:47.048263Z","times_seen":102,"resource_available":false,"data":null}},"time_used":118,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":118,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-26","alert":"Phishing Block","trigger":"buxgifts.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"buxgifts.click/assets/img/bg-o.png","fqdn":"buxgifts.click","domain":"buxgifts.click","tld":"click"},"ip":{"addr":"91.218.49.169","port":443,"asn":0,"as":"","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://buxgifts.click/","date":"2026-02-26T14:58:49.711Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.buxgifts.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 23 Jan 2026 08:32:47 GMT","end":"Thu, 23 Apr 2026 08:32:46 GMT"},"fingerprint":{"sha1":"8E:4D:4C:4A:EA:1B:3D:CF:7E:5B:FE:93:72:FF:39:06:C6:F1:6E:1D","sha256":"80:EB:6C:96:A3:EC:C2:8F:18:86:A0:25:6F:F4:48:FF:00:87:3C:7D:F4:DE:21:9D:D6:11:12:71:68:86:71:DA"}}},"request":{"raw":"GET /assets/img/bg-o.png HTTP/1.1\r\nHost: buxgifts.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://buxgifts.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Thu, 05 Mar 2026 14:58:49 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 23 Jan 2026 09:28:27 GMT\r\naccept-ranges: bytes\r\ncontent-length: 187578\r\ndate: Thu, 26 Feb 2026 14:58:49 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":187578,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 2560 x 1440, 8-bit/color RGBA, non-interlaced","md5":"f945d2afc2b7aa925edd1b6f331e4a11","sha1":"cfa1c52233dc36a3aa3a22d015375307c0e31835","sha256":"51f5b8d58b05a88e8e1a22a846cec02ffa934615be00ef16fffe35886f1c7169","sha512":"6c7b1ffd3b7056e0cc962aae846a2b298e0ac9874075268fd5538eef78778424fc74d64917bbcbfd0857e3c51e023bb832e9a35e2d11a67c28b7659b6eb368ad","ssdeep":"3072:5/z5kztq2wIvqZMglvDV42QWaZ3WOQgHHiN1lH2X16itcm0wAL3z6zQh+GtSMMG+:5riJFjvqZ3BFQWDFgHHiDl06xJDCQh+f","tlshash":"a704027cdb42dc654192c80cbffd3adad1636778c867fcf0587e920842951b8a12aadd","first_seen":"2025-01-01T22:41:18.106178Z","last_seen":"2026-05-31T15:10:14.249099Z","times_seen":90,"resource_available":false,"data":null}},"time_used":88,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":42,"receive":46,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-26","alert":"Phishing Block","trigger":"buxgifts.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"buxgifts.click/assets/img/favicon.ico","fqdn":"buxgifts.click","domain":"buxgifts.click","tld":"click"},"ip":{"addr":"91.218.49.169","port":443,"asn":0,"as":"","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://buxgifts.click/","date":"2026-02-26T14:58:50.613Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.buxgifts.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 23 Jan 2026 08:32:47 GMT","end":"Thu, 23 Apr 2026 08:32:46 GMT"},"fingerprint":{"sha1":"8E:4D:4C:4A:EA:1B:3D:CF:7E:5B:FE:93:72:FF:39:06:C6:F1:6E:1D","sha256":"80:EB:6C:96:A3:EC:C2:8F:18:86:A0:25:6F:F4:48:FF:00:87:3C:7D:F4:DE:21:9D:D6:11:12:71:68:86:71:DA"}}},"request":{"raw":"GET /assets/img/favicon.ico HTTP/1.1\r\nHost: buxgifts.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://buxgifts.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Thu, 05 Mar 2026 14:58:50 GMT\r\ncontent-type: image/x-icon\r\nlast-modified: Fri, 23 Jan 2026 09:28:27 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 388\r\ndate: Thu, 26 Feb 2026 14:58:50 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":1150,"size_decoded":0,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel","md5":"5e509e89186ee42ee1269373e7b12c56","sha1":"886395ae03deadf87f91fc2490b88caffc3ede2d","sha256":"7ca19be4423bb99022525535385395d4afa5afc8ab993c6549d445321c2e4f4b","sha512":"6f6c43a911843c030f41ed28674fe4961a9fb5df8f5ff16802038449362e62e5ee15bc8b9b1792ee8d697058da0b593c6cc06e5958bcdce2c50b4dffd2661c6c","ssdeep":"","tlshash":"9e2194285d2e0a0cf2a7daff62026b434092c82b93f00ad727f110cd5c5b3c02870e59","first_seen":"2023-10-16T03:19:12Z","last_seen":"2026-06-07T00:37:47.031648Z","times_seen":110,"resource_available":false,"data":null}},"time_used":43,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":43,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-26","alert":"Phishing Block","trigger":"buxgifts.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.linearicons.com/free/1.0.0/icon-font.min.css","fqdn":"cdn.linearicons.com","domain":"linearicons.com","tld":"com"},"ip":{"addr":"138.199.37.231","port":443,"asn":60068,"as":"Datacamp Limited","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://buxgifts.click/","date":"2026-02-26T14:58:49.473Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.linearicons.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 26 Jan 2026 22:03:52 GMT","end":"Sun, 26 Apr 2026 22:03:51 GMT"},"fingerprint":{"sha1":"52:57:A1:8D:7C:55:B2:06:08:EF:40:9D:F5:E1:BC:1D:E5:99:0F:86","sha256":"F1:3A:0B:BD:19:C8:5D:F7:D2:5A:DB:84:85:76:CC:91:0F:5E:DD:A6:89:00:10:51:8F:10:EC:8F:BA:46:99:A2"}}},"request":{"raw":"GET /free/1.0.0/icon-font.min.css HTTP/1.1\r\nHost: cdn.linearicons.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://buxgifts.click/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 26 Feb 2026 14:58:49 GMT\r\ncontent-type: text/css\r\nserver: BunnyCDN-DE1-863\r\ncdn-pullzone: 1459430\r\ncdn-requestcountrycode: NO\r\nvary: Accept-Encoding\r\naccess-control-allow-origin: *\r\naccess-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match\r\naccess-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match\r\ncache-control: public, max-age=31919000\r\ncontent-encoding: br\r\netag: \"ec26292e52e5bc20624b029974bd0adf\"\r\nlast-modified: Wed, 07 Jun 2023 23:52:14 GMT\r\ncdn-proxyver: 1.41\r\ncdn-requestpullcode: 200\r\ncdn-requestpullsuccess: True\r\ncdn-edgestorageid: 1048\r\ncdn-cachedat: 12/02/2025 21:54:02\r\ncdn-status: 200\r\ncdn-requesttime: 0\r\ncdn-requestid: 8e31af323c12f56044b7af2cebac3dbb\r\ncdn-cache: HIT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bunny","description":"","website":"https://bunny.net","common_platform_enumeration":"","icon":"Bunny.svg","categories":["CDN"]}],"data":{"size":7354,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (7191)","md5":"ec26292e52e5bc20624b029974bd0adf","sha1":"3756375bb053b0f3f62303597d844f70cef1b5e0","sha256":"31ca8fc4bb190118851959f282909af4a8f6e782b69dcfbe00094ffc010878b3","sha512":"282b62aa79bd9b407cd3241be6629e8aca4f19331ecbf33a6d3c7fa7dea507ed507a729eaecea7f519b6967387bb97f3af0a3f6fe803d9f418441b9cf7a7820e","ssdeep":"96:udwakAhvZFamB/0/Q5pcK2kb2IYT4naMq4kIaVBX1j2qLQ:udwabhvZFdBhocqIYT4faVBX11k","tlshash":"3ae1ece6e44964ccb7b1c813b389a78964eab134d9410e52f45fb51e2cf126b2ec4f78","first_seen":"2023-04-05T15:00:08Z","last_seen":"2026-06-07T05:23:57.271929Z","times_seen":2379,"resource_available":false,"data":null}},"time_used":218,"timings":{"blocked":91,"dns":52,"connect":22,"send":0,"wait":23,"receive":0,"ssl":28},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700;900\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://buxgifts.click/","date":"2026-02-26T14:58:49.483Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"09:4B:1C:B6:64:C5:97:5E:E3:CF:D9:FF:1A:01:C4:D8:D7:10:82:7A","sha256":"2F:A7:09:04:89:72:33:DE:1D:F8:A7:A6:EC:9F:0C:74:15:D5:B0:87:85:BE:25:63:1A:0E:73:0C:72:E3:CD:C8"}}},"request":{"raw":"GET /css2?family=Roboto:wght@300;400;500;700;900\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://buxgifts.click/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Thu, 26 Feb 2026 14:58:49 GMT\r\ndate: Thu, 26 Feb 2026 14:58:49 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":27925,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"3cea73386a7e4118d4e8d76e2356214f","sha1":"6e1e2ab940cf199d4c8162819f251aba86bba70a","sha256":"9797b7049e90dce53a98bc42da75f326448da5ef73d3229a428eff4b6435c7b9","sha512":"d74e227ac5969d5ff681f542495a425b7a23119a47dda5bdda46b8bad4bd14eaf0fe139ffdb00e2a11a764bbdcb813da9eac0a9b476228c214876184a62f2284","ssdeep":"768:pDS99YURRuWDyjooYhREHPM5svvYaR7AIWP2ZZYQRVKyg1A77YGRvsk8:pyllff","tlshash":"41c210a1041744009b838ce223cebf35fe1f52117142d0b5abfd9b6baddbca6526936d","first_seen":"2026-02-20T02:22:43.631773Z","last_seen":"2026-06-07T13:59:18.220194Z","times_seen":1880,"resource_available":false,"data":null}},"time_used":201,"timings":{"blocked":78,"dns":0,"connect":9,"send":0,"wait":23,"receive":0,"ssl":88},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"buxgifts.click/assets/css/style.css","fqdn":"buxgifts.click","domain":"buxgifts.click","tld":"click"},"ip":{"addr":"91.218.49.169","port":443,"asn":0,"as":"","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://buxgifts.click/","date":"2026-02-26T14:58:49.493Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.buxgifts.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 23 Jan 2026 08:32:47 GMT","end":"Thu, 23 Apr 2026 08:32:46 GMT"},"fingerprint":{"sha1":"8E:4D:4C:4A:EA:1B:3D:CF:7E:5B:FE:93:72:FF:39:06:C6:F1:6E:1D","sha256":"80:EB:6C:96:A3:EC:C2:8F:18:86:A0:25:6F:F4:48:FF:00:87:3C:7D:F4:DE:21:9D:D6:11:12:71:68:86:71:DA"}}},"request":{"raw":"GET /assets/css/style.css HTTP/1.1\r\nHost: buxgifts.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://buxgifts.click/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Thu, 05 Mar 2026 14:58:49 GMT\r\ncontent-type: text/css\r\nlast-modified: Fri, 23 Jan 2026 09:28:27 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 3924\r\ndate: Thu, 26 Feb 2026 14:58:49 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":20722,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with CRLF line terminators","md5":"9088128617b3b9d5ae5c431441cb4941","sha1":"8ca73cae523d335491c42c76bdc111f26994aacb","sha256":"e0ad316b0d6f12e5663362cdfb3892fc40eb9d817a42e0940b5e2cffe0e29654","sha512":"c64b89687fe4d95cd11779c4b4543e133784d0a8aa7f19b8dc717a6483e119c2f6b02d080c97e0aca61a0671c9fcf3dfe25bcd5f14a3a68d999198e1913602e8","ssdeep":"384:QW0sTfrKKadlh0IgXDPu++h51o6eB3BsUC5j1hRjpKN/KDJDeuK6pyG4zDGJPIxL:z0sTfrKKadlh0IgXDPu++h51o6eB3BsW","tlshash":"1e92426abd14204ca356e7a63fb41fb1dd6884636a0700ffe1a2294cd2d747c62be7d1","first_seen":"2023-10-16T03:19:12Z","last_seen":"2026-06-07T00:37:47.007799Z","times_seen":115,"resource_available":false,"data":null}},"time_used":84,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":84,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-26","alert":"Phishing Block","trigger":"buxgifts.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js","fqdn":"ajax.googleapis.com","domain":"ajax.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.74","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://buxgifts.click/","date":"2026-02-26T14:58:49.499Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:38:07 GMT","end":"Mon, 27 Apr 2026 08:38:06 GMT"},"fingerprint":{"sha1":"6B:DB:3B:B8:9F:A1:8E:49:35:74:D9:D8:24:91:F2:5E:42:56:2F:58","sha256":"37:ED:DF:C4:FB:A3:96:16:9E:47:69:CE:86:A5:35:8E:B5:3A:0B:0B:6A:A1:08:A2:DF:DE:6C:7C:31:BE:94:B1"}}},"request":{"raw":"GET /ajax/libs/jquery/2.1.4/jquery.min.js HTTP/1.1\r\nHost: ajax.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://buxgifts.click/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\ncontent-encoding: gzip\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"hosted-libraries-pushers\"\r\nreport-to: {\"group\":\"hosted-libraries-pushers\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 29725\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Mon, 23 Feb 2026 09:59:37 GMT\r\nexpires: Tue, 23 Feb 2027 09:59:37 GMT\r\ncache-control: public, max-age=31536000, stale-while-revalidate=2592000\r\nage: 277152\r\nlast-modified: Tue, 03 Mar 2020 19:15:00 GMT\r\ncontent-type: text/javascript; charset=UTF-8\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":84380,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"JavaScript source, ASCII text, with very long lines (32025)","md5":"4a356126b9573eb7bd1e9a7494737410","sha1":"8258d046f17dd3c15a5d3984e1868b7b5d1db329","sha256":"22642f202577f0ba2f22cbe56b6cf291a09374487567cd3563e0d2a29f75c0c5","sha512":"005c3102459dbf145df6a858629d6a6de4598fafe24cd989d86170731b0c3b3c304da470cf66bfd935f6db911b723df0857b5ed561906f7f1c5c4e63ed9430de","ssdeep":"1536:/P10iSi65U/dXXeyhzeBuG+HYE0mdkuJO1z6Oy4sh3J1A72BjmN7TwpDKba98HrZ:++414Jiz6fh6lTqya98HrZ","tlshash":"dc83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-06-07T15:35:19.742485Z","times_seen":18797,"resource_available":true,"data":null}},"time_used":227,"timings":{"blocked":86,"dns":3,"connect":19,"send":0,"wait":15,"receive":16,"ssl":83},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"buxgifts.click/assets/js/particles.min.js","fqdn":"buxgifts.click","domain":"buxgifts.click","tld":"click"},"ip":{"addr":"91.218.49.169","port":443,"asn":0,"as":"","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://buxgifts.click/","date":"2026-02-26T14:58:49.504Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.buxgifts.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 23 Jan 2026 08:32:47 GMT","end":"Thu, 23 Apr 2026 08:32:46 GMT"},"fingerprint":{"sha1":"8E:4D:4C:4A:EA:1B:3D:CF:7E:5B:FE:93:72:FF:39:06:C6:F1:6E:1D","sha256":"80:EB:6C:96:A3:EC:C2:8F:18:86:A0:25:6F:F4:48:FF:00:87:3C:7D:F4:DE:21:9D:D6:11:12:71:68:86:71:DA"}}},"request":{"raw":"GET /assets/js/particles.min.js HTTP/1.1\r\nHost: buxgifts.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://buxgifts.click/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Fri, 23 Jan 2026 09:28:27 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 5740\r\ndate: Thu, 26 Feb 2026 14:58:49 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":23372,"size_decoded":0,"mime_type":"text/javascript","magic":"ASCII text, with very long lines (23002), with CRLF line terminators","md5":"08bd8ed926fa216a54b076590a459e67","sha1":"b4d9a963b9200cc77ceaa1bf4a12537a29c0626a","sha256":"e143ea82cbb391479838962ed3a39a9f2319679ddf33e689217d26b0e206d724","sha512":"7f5bf533e4151c0a84bc10909b1ea78ccd16d9f0cff336108e61402ef94df6389972a4ea01926b981cb79747d57512ca6020271b4f5111e72f4b1102b8f2dd73","ssdeep":"384:FkfJtGvWjT6uYvqhCz8wSEHESxtVAFPQcYpeib+9rOEKXWd/:FC7T6uYvn8wRxwyryVOEKXW5","tlshash":"42a2934d23f73e77339ab2e05be9d122c774a4d1399b04b0f93c667da52549201ee7a0","first_seen":"2023-03-07T01:17:29Z","last_seen":"2026-06-07T15:49:50.825731Z","times_seen":2064,"resource_available":true,"data":null}},"time_used":118,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":118,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-26","alert":"Phishing Block","trigger":"buxgifts.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"da4talg8ap14y.cloudfront.net/7ab7b47.js","fqdn":"da4talg8ap14y.cloudfront.net","domain":"da4talg8ap14y.cloudfront.net","tld":"cloudfront.net"},"ip":{"addr":"54.230.241.17","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://buxgifts.click/","date":"2026-02-26T14:58:49.508Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.cloudfront.net","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Mon, 05 May 2025 00:00:00 GMT","end":"Thu, 23 Apr 2026 23:59:59 GMT"},"fingerprint":{"sha1":"8F:00:F1:34:A7:1E:27:1C:CF:CD:A6:53:8B:C4:82:B0:68:BC:C8:72","sha256":"60:38:9D:24:9E:41:8F:23:AC:D9:14:5C:A3:47:7E:AF:07:DB:9F:2D:6A:8C:0D:08:E9:24:8A:8E:49:A9:4D:28"}}},"request":{"raw":"GET /7ab7b47.js HTTP/1.1\r\nHost: da4talg8ap14y.cloudfront.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://buxgifts.click/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\nlast-modified: Tue, 24 Feb 2026 12:26:30 GMT\r\nserver: AmazonS3\r\ncontent-encoding: br\r\ndate: Thu, 26 Feb 2026 14:56:40 GMT\r\netag: W/\"dbe451db27ded8a6693127c5f75fbf6a\"\r\nvary: accept-encoding\r\nx-cache: Error from cloudfront\r\nvia: 1.1 b053873243f91b1bb6dc406ce0c67db4.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: IUL3d1M2px_d6bdgRfV8GhL_Z-YE4jAXF3nJ3nZX2kWOewxu8tkmcA==\r\nage: 190\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]},{"name":"Amazon S3","description":"Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface.","website":"https://aws.amazon.com/s3/","common_platform_enumeration":"","icon":"Amazon S3.svg","categories":["CDN"]},{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]}],"data":{"size":27325,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (1637), with CRLF line terminators","md5":"dbe451db27ded8a6693127c5f75fbf6a","sha1":"cfa488e05bd335acd3a552390b34076dc3de1dbb","sha256":"33b51d9dc698ae440ce10cdb24dd0ef9c0f9536e6f58e25c003252094f8172d7","sha512":"13f5dc59d1a4dc5726a8ee8c02a749593e61e8a1f4ea6ce5a830016c696e0994a8e141dee341d00b500b8ca9cea72bd20038ad66379eacccb433f993c47dedb7","ssdeep":"768:n5f2v236wBXroljZ1/peRXMiH54aGz1WCyQgmip4L/4aLv0NO:T3Z7OZ1h2ayQgM","tlshash":"04c2545aab6a1849867763b9df1f5208f675032f1512c119bc7c88d85fb0d3442aaffc","first_seen":"2026-02-24T15:07:21.466786Z","last_seen":"2026-05-10T19:50:13.991429Z","times_seen":297,"resource_available":true,"data":null}},"time_used":415,"timings":{"blocked":11,"dns":28,"connect":1,"send":0,"wait":364,"receive":0,"ssl":8},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://buxgifts.click/","date":"2026-02-26T14:58:49.713Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:38:07 GMT","end":"Mon, 27 Apr 2026 08:38:06 GMT"},"fingerprint":{"sha1":"FD:7B:7B:3F:B0:E9:E6:F2:B2:20:AF:6D:E3:76:AC:43:C9:2B:95:1F","sha256":"05:F7:EC:37:83:98:A5:87:8A:AE:AD:80:95:CC:A6:0A:C4:F9:42:EF:07:B0:C2:6B:6F:1B:27:7A:78:A8:CE:64"}}},"request":{"raw":"GET /s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://buxgifts.click\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 43136\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 25 Feb 2026 23:57:07 GMT\r\nexpires: Thu, 25 Feb 2027 23:57:07 GMT\r\ncache-control: public, max-age=31536000\r\nage: 54102\r\nlast-modified: Wed, 18 Feb 2026 19:51:37 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":43136,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 43136, version 1.0","md5":"665db5e157d2138835c4037c971ff3a4","sha1":"41ca6b7e4818eb81531d8006ff7ddd971c640879","sha256":"1404ca348bd75ef836f4dd8b6f2cc719458642d1237c368296b2fc652dca47dc","sha512":"6c999466673c9873b1b112d6ab95c7cecb99467ea156e3e046b54c5f3d109c3845b05cbb2a0245d178430c7b2ceacd5110f7d8faf7e041100f44852b0c29fe9a","ssdeep":"768:tMTmVhyXCrekkraPAjrWMMWD3UJmw0FRwoglekm+hQ7//geceSF/mEQBPMAmDu5:cmHkCrHvPAjrWMMI3UJswogl4j7/hSlW","tlshash":"f9130231eb70ee59962c903454e7fda9433b1457d731aca80e99a1ce6f8103454facec","first_seen":"2026-02-19T22:27:43.350598Z","last_seen":"2026-06-07T08:17:36.502318Z","times_seen":180967,"resource_available":false,"data":null}},"time_used":240,"timings":{"blocked":102,"dns":1,"connect":14,"send":0,"wait":15,"receive":19,"ssl":86},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://buxgifts.click/","date":"2026-02-26T14:58:49.716Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:38:07 GMT","end":"Mon, 27 Apr 2026 08:38:06 GMT"},"fingerprint":{"sha1":"FD:7B:7B:3F:B0:E9:E6:F2:B2:20:AF:6D:E3:76:AC:43:C9:2B:95:1F","sha256":"05:F7:EC:37:83:98:A5:87:8A:AE:AD:80:95:CC:A6:0A:C4:F9:42:EF:07:B0:C2:6B:6F:1B:27:7A:78:A8:CE:64"}}},"request":{"raw":"GET /s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://buxgifts.click\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 43136\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 25 Feb 2026 23:57:07 GMT\r\nexpires: Thu, 25 Feb 2027 23:57:07 GMT\r\ncache-control: public, max-age=31536000\r\nage: 54102\r\nlast-modified: Wed, 18 Feb 2026 19:51:37 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":43136,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 43136, version 1.0","md5":"665db5e157d2138835c4037c971ff3a4","sha1":"41ca6b7e4818eb81531d8006ff7ddd971c640879","sha256":"1404ca348bd75ef836f4dd8b6f2cc719458642d1237c368296b2fc652dca47dc","sha512":"6c999466673c9873b1b112d6ab95c7cecb99467ea156e3e046b54c5f3d109c3845b05cbb2a0245d178430c7b2ceacd5110f7d8faf7e041100f44852b0c29fe9a","ssdeep":"768:tMTmVhyXCrekkraPAjrWMMWD3UJmw0FRwoglekm+hQ7//geceSF/mEQBPMAmDu5:cmHkCrHvPAjrWMMI3UJswogl4j7/hSlW","tlshash":"f9130231eb70ee59962c903454e7fda9433b1457d731aca80e99a1ce6f8103454facec","first_seen":"2026-02-19T22:27:43.350598Z","last_seen":"2026-06-07T08:17:36.502318Z","times_seen":180967,"resource_available":false,"data":null}},"time_used":283,"timings":{"blocked":126,"dns":0,"connect":30,"send":0,"wait":17,"receive":7,"ssl":101},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"buxgifts.click/","fqdn":"buxgifts.click","domain":"buxgifts.click","tld":"click"},"ip":{"addr":"91.218.49.169","port":443,"asn":0,"as":"","country":"Ukraine","country_code":"UA"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-02-26T14:58:49.100Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.buxgifts.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 23 Jan 2026 08:32:47 GMT","end":"Thu, 23 Apr 2026 08:32:46 GMT"},"fingerprint":{"sha1":"8E:4D:4C:4A:EA:1B:3D:CF:7E:5B:FE:93:72:FF:39:06:C6:F1:6E:1D","sha256":"80:EB:6C:96:A3:EC:C2:8F:18:86:A0:25:6F:F4:48:FF:00:87:3C:7D:F4:DE:21:9D:D6:11:12:71:68:86:71:DA"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: buxgifts.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nx-powered-by: PHP/7.2.34\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 1637\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ndate: Thu, 26 Feb 2026 14:58:49 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Bootstrap","description":"Bootstrap is a free and open-source CSS framework directed at responsive, mobile-first front-end web development. It contains CSS and JavaScript-based design templates for typography, forms, buttons, navigation, and other interface components.","website":"https://getbootstrap.com","common_platform_enumeration":"cpe:2.3:a:getbootstrap:bootstrap:*:*:*:*:*:*:*:*","icon":"Bootstrap.svg","categories":["UI frameworks"]},{"name":"Google Hosted Libraries","description":"Google Hosted Libraries is a stable, reliable, high-speed, globally available content distribution network for the most popular, open-source JavaScript libraries.","website":"https://developers.google.com/speed/libraries","common_platform_enumeration":"","icon":"Google Developers.svg","categories":["CDN"]},{"name":"jQuery:2.1.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"particles.js","description":"Particles.js is a JavaScript library for creating particles.","website":"https://github.com/VincentGarreau/particles.js","common_platform_enumeration":"","icon":"","categories":["JavaScript graphics"]},{"name":"PHP:7.2.34","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":5733,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with CRLF line terminators","md5":"4820a1b302974c2b8645fe82c51ed03a","sha1":"ac5ca2563c9f687044c0dea44d95e5ab27c3bcab","sha256":"30e2a7bc92d8d38bfff1bd9acdaf05cab9028160a91a59913bad09a0872b82e6","sha512":"18a6a1026f8e060c7a950a751146c4121ff724d2553cbfdad29b87a82cb3a9284d88ebf59b01e7120587e0ebb2230ded29b38ead751d5cdfec96329e3dc42cff","ssdeep":"96:Psu4PGP5VJxqw92o3jVJqfokNzmNEi1NFqedqLZNKcRWLyRjFR86RxjRz/EqLVNF:4PGPbJ0w92ozVkokNzmNEi1NFqSqLZNV","tlshash":"18c1ca213888d17b121382c740766b9dd5afce36e723c866f6f4177f27c2d849d2a462","first_seen":"2026-02-26T14:59:15.922707Z","last_seen":"2026-03-29T15:12:21.095172Z","times_seen":5,"resource_available":false,"data":null}},"time_used":371,"timings":{"blocked":157,"dns":65,"connect":42,"send":0,"wait":56,"receive":0,"ssl":47},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-26","alert":"Phishing Block","trigger":"buxgifts.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/icon?family=Material+Icons|Material+Icons+Two+Tone|","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://buxgifts.click/","date":"2026-02-26T14:58:49.480Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 26 Jan 2026 08:40:56 GMT","end":"Mon, 20 Apr 2026 08:40:55 GMT"},"fingerprint":{"sha1":"09:4B:1C:B6:64:C5:97:5E:E3:CF:D9:FF:1A:01:C4:D8:D7:10:82:7A","sha256":"2F:A7:09:04:89:72:33:DE:1D:F8:A7:A6:EC:9F:0C:74:15:D5:B0:87:85:BE:25:63:1A:0E:73:0C:72:E3:CD:C8"}}},"request":{"raw":"GET /icon?family=Material+Icons|Material+Icons+Two+Tone| HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://buxgifts.click/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Thu, 26 Feb 2026 14:58:49 GMT\r\ndate: Thu, 26 Feb 2026 14:58:49 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":1234,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"9157f838cd69bf2b1e7472c618eaa901","sha1":"ebf7aad62fbf3fd24ab1984319e0fee967f7c472","sha256":"f1f372448cd7f13713a248e63edc1f46fc794764745d2ef56bf14cea6cd9dd74","sha512":"348a74e39162e896a2bdc5469874ba8d489fd61b2b3bf5872a3bc35da0191225e37263fa13bb95156306c046812c6672fd34198d3e04a0ccdadbac9aad79daf1","ssdeep":"","tlshash":"5221df65ba1a988665110c47730f3f154d2d401f680ac8fe8b851d8c8dff1bb134670f","first_seen":"2025-09-18T05:14:30.22719Z","last_seen":"2026-06-07T08:00:11.503464Z","times_seen":271,"resource_available":false,"data":null}},"time_used":231,"timings":{"blocked":100,"dns":1,"connect":7,"send":0,"wait":17,"receive":0,"ssl":103},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/css/all.min.css","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://buxgifts.click/","date":"2026-02-26T14:58:49.481Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 13 Jan 2026 22:16:05 GMT","end":"Mon, 13 Apr 2026 23:15:55 GMT"},"fingerprint":{"sha1":"D9:00:47:77:A5:47:66:A1:6F:DA:EB:4B:BB:BF:67:49:BF:2C:A4:75","sha256":"07:A7:3E:4A:B2:9F:0A:07:6C:78:A7:7B:DC:2B:68:A1:84:7A:7F:1B:45:6C:71:8E:5E:79:F3:11:1A:6C:4F:62"}}},"request":{"raw":"GET /ajax/libs/font-awesome/5.15.1/css/all.min.css HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://buxgifts.click\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://buxgifts.click/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 26 Feb 2026 14:58:49 GMT\r\ncontent-type: text/css; charset=utf-8\r\ncontent-length: 10491\r\ncf-ray: 9d404d834b7e35a6-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"5f7b5b5f-e7d0\"\r\nlast-modified: Mon, 05 Oct 2020 17:43:59 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 682817\r\nexpires: Tue, 16 Feb 2027 14:58:49 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=wY7%2BtiSos9GKgcsUkKhzPTpUA4wyR9TPtmMEJsTo%2Bv8S%2BxU1jE41qROTEx89sUr4ahJdaCMh%2F5kuOkMV6%2FJg204MZykkkUHu5YXmsFOR%2FObUT34P2MK%2F8W72J3l0i84AckfQGeP1\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":59344,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (59158)","md5":"b227b1617a1763c8bc056772f05482b4","sha1":"c508528feb9fd540454f838653cd4863b290df2e","sha256":"af1e6edc875a382b338bb25bd7c5c3f474a7f1b36212002a5896dd06f2186325","sha512":"fb8cc22bd93ea8d1544795fe70a2fd10847e64e86d225a0d97d188292e7b57533236c62961c52b51e41cf6f35fcec59f576f0868b2f78bde8ff6c74dc9e46cb0","ssdeep":"768:OEh31IPiyXNq4YxBowbgJlkwF//zMQyYJYX9Bft6VSzl:OE0PxXE4YXJgndFTfy9lt5B","tlshash":"c743fbb8e54c01c9b731c44bef82b2bc61b6f73de5914d95f00e691c2ad26a811c5fba","first_seen":"2023-04-05T05:13:35Z","last_seen":"2026-06-07T15:29:48.994291Z","times_seen":11222,"resource_available":false,"data":null}},"time_used":68,"timings":{"blocked":0,"dns":1,"connect":1,"send":0,"wait":46,"receive":2,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"buxgifts.click/assets/js/ion.sound.min.js","fqdn":"buxgifts.click","domain":"buxgifts.click","tld":"click"},"ip":{"addr":"91.218.49.169","port":443,"asn":0,"as":"","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://buxgifts.click/","date":"2026-02-26T14:58:49.501Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.buxgifts.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 23 Jan 2026 08:32:47 GMT","end":"Thu, 23 Apr 2026 08:32:46 GMT"},"fingerprint":{"sha1":"8E:4D:4C:4A:EA:1B:3D:CF:7E:5B:FE:93:72:FF:39:06:C6:F1:6E:1D","sha256":"80:EB:6C:96:A3:EC:C2:8F:18:86:A0:25:6F:F4:48:FF:00:87:3C:7D:F4:DE:21:9D:D6:11:12:71:68:86:71:DA"}}},"request":{"raw":"GET /assets/js/ion.sound.min.js HTTP/1.1\r\nHost: buxgifts.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://buxgifts.click/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Fri, 23 Jan 2026 09:28:27 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 3113\r\ndate: Thu, 26 Feb 2026 14:58:49 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":12860,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (535), with CRLF line terminators","md5":"b710025e9615bd7373ec7cd49e21a99f","sha1":"4f831a37b333a2f39b6cf4d8d43b7f07ba8db4f8","sha256":"1520e67c06c2b44c67aec9833b5f1c5324c2cc8842d82f7cc3509adc34c95a0a","sha512":"45331a852e455bb4d56015cbb6728a55065b3c090291d8c61614c4a366a1d0729e20d7902d407bb97d5ea8717db060bea3ddb3a0c365cae85850663dfa9cb0c6","ssdeep":"192:Ixtd1gpzHtptP1aymRglPkOHZdOc72XIPuC1Yw:IfgpzlDAglPdic724Px1Yw","tlshash":"26424f1f7181f76551e6eaea205b034e0372e17a6884469d3d3cebf6ed2190f503ba78","first_seen":"2023-03-07T14:20:11Z","last_seen":"2026-06-07T00:37:47.009343Z","times_seen":271,"resource_available":true,"data":null}},"time_used":78,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":78,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-26","alert":"Phishing Block","trigger":"buxgifts.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://buxgifts.click/","date":"2026-02-26T14:58:49.714Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:38:07 GMT","end":"Mon, 27 Apr 2026 08:38:06 GMT"},"fingerprint":{"sha1":"FD:7B:7B:3F:B0:E9:E6:F2:B2:20:AF:6D:E3:76:AC:43:C9:2B:95:1F","sha256":"05:F7:EC:37:83:98:A5:87:8A:AE:AD:80:95:CC:A6:0A:C4:F9:42:EF:07:B0:C2:6B:6F:1B:27:7A:78:A8:CE:64"}}},"request":{"raw":"GET /s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://buxgifts.click\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 43136\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 25 Feb 2026 23:57:07 GMT\r\nexpires: Thu, 25 Feb 2027 23:57:07 GMT\r\ncache-control: public, max-age=31536000\r\nage: 54102\r\nlast-modified: Wed, 18 Feb 2026 19:51:37 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":43136,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 43136, version 1.0","md5":"665db5e157d2138835c4037c971ff3a4","sha1":"41ca6b7e4818eb81531d8006ff7ddd971c640879","sha256":"1404ca348bd75ef836f4dd8b6f2cc719458642d1237c368296b2fc652dca47dc","sha512":"6c999466673c9873b1b112d6ab95c7cecb99467ea156e3e046b54c5f3d109c3845b05cbb2a0245d178430c7b2ceacd5110f7d8faf7e041100f44852b0c29fe9a","ssdeep":"768:tMTmVhyXCrekkraPAjrWMMWD3UJmw0FRwoglekm+hQ7//geceSF/mEQBPMAmDu5:cmHkCrHvPAjrWMMI3UJswogl4j7/hSlW","tlshash":"f9130231eb70ee59962c903454e7fda9433b1457d731aca80e99a1ce6f8103454facec","first_seen":"2026-02-19T22:27:43.350598Z","last_seen":"2026-06-07T08:17:36.502318Z","times_seen":180967,"resource_available":false,"data":null}},"time_used":376,"timings":{"blocked":170,"dns":0,"connect":29,"send":0,"wait":30,"receive":2,"ssl":140},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://buxgifts.click/","date":"2026-02-26T14:58:49.715Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:38:07 GMT","end":"Mon, 27 Apr 2026 08:38:06 GMT"},"fingerprint":{"sha1":"FD:7B:7B:3F:B0:E9:E6:F2:B2:20:AF:6D:E3:76:AC:43:C9:2B:95:1F","sha256":"05:F7:EC:37:83:98:A5:87:8A:AE:AD:80:95:CC:A6:0A:C4:F9:42:EF:07:B0:C2:6B:6F:1B:27:7A:78:A8:CE:64"}}},"request":{"raw":"GET /s/roboto/v51/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://buxgifts.click\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 43136\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Wed, 25 Feb 2026 23:57:07 GMT\r\nexpires: Thu, 25 Feb 2027 23:57:07 GMT\r\ncache-control: public, max-age=31536000\r\nage: 54102\r\nlast-modified: Wed, 18 Feb 2026 19:51:37 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":43136,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 43136, version 1.0","md5":"665db5e157d2138835c4037c971ff3a4","sha1":"41ca6b7e4818eb81531d8006ff7ddd971c640879","sha256":"1404ca348bd75ef836f4dd8b6f2cc719458642d1237c368296b2fc652dca47dc","sha512":"6c999466673c9873b1b112d6ab95c7cecb99467ea156e3e046b54c5f3d109c3845b05cbb2a0245d178430c7b2ceacd5110f7d8faf7e041100f44852b0c29fe9a","ssdeep":"768:tMTmVhyXCrekkraPAjrWMMWD3UJmw0FRwoglekm+hQ7//geceSF/mEQBPMAmDu5:cmHkCrHvPAjrWMMI3UJswogl4j7/hSlW","tlshash":"f9130231eb70ee59962c903454e7fda9433b1457d731aca80e99a1ce6f8103454facec","first_seen":"2026-02-19T22:27:43.350598Z","last_seen":"2026-06-07T08:17:36.502318Z","times_seen":180967,"resource_available":false,"data":null}},"time_used":255,"timings":{"blocked":104,"dns":0,"connect":15,"send":0,"wait":31,"receive":9,"ssl":93},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/webfonts/fa-brands-400.woff2","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.25.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://buxgifts.click/","date":"2026-02-26T14:58:49.718Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 13 Jan 2026 22:16:05 GMT","end":"Mon, 13 Apr 2026 23:15:55 GMT"},"fingerprint":{"sha1":"D9:00:47:77:A5:47:66:A1:6F:DA:EB:4B:BB:BF:67:49:BF:2C:A4:75","sha256":"07:A7:3E:4A:B2:9F:0A:07:6C:78:A7:7B:DC:2B:68:A1:84:7A:7F:1B:45:6C:71:8E:5E:79:F3:11:1A:6C:4F:62"}}},"request":{"raw":"GET /ajax/libs/font-awesome/5.15.1/webfonts/fa-brands-400.woff2 HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://buxgifts.click\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://cdnjs.cloudflare.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 26 Feb 2026 14:58:49 GMT\r\ncontent-type: application/octet-stream; charset=utf-8\r\ncontent-length: 78460\r\ncf-ray: 9d404d84b9fd35a6-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\netag: \"5f7b5b5f-1327c\"\r\nlast-modified: Mon, 05 Oct 2020 17:43:59 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 1242608\r\nexpires: Tue, 16 Feb 2027 14:58:49 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=RrObTd7zM3As1HzQYjQWWJp8drtdBUqxnm3TjGIAtFp0etaYFRpTjVM%2BNUpCEpyNKHtjfZV45c4g0jS2A8KoLpSMRkId82u59GN5DYOvlDYpCwk9Av%2BpPtQT2iuP53jTJF1aQ2Zk\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":78460,"size_decoded":0,"mime_type":"application/octet-stream; charset=utf-8","magic":"Web Open Font Format (Version 2), TrueType, length 78460, version 331.-31392","md5":"f075c50f89795e4cdb4d45b51f1a6800","sha1":"f726c4275bb494a045fde059175f072de06c01df","sha256":"71b3ce72680f4183d28db86b184542051fd533bb1146933233e4f6a20cf98cba","sha512":"5f4f35e9acdb825a245e678a834b2bc6d5c302693fffc3497717024c2d8385ffdeb233d4d7f368f1356a2adfcaab0a89157edbcca45b9f310f1cdd7f44cac955","ssdeep":"1536:uZWBokruo7jgeq3Yv8E9MjaR3yOWaaqPbkJSmMlckzeSUSalX:sWBbuo/vqov8yTS/qPmMekzyx","tlshash":"7b73124d6fe2a9eaa9bc3f332fb38412ac819d654bf2c1b3055e12d51c8177da8d4135","first_seen":"2023-04-06T10:15:59Z","last_seen":"2026-06-07T08:17:36.395677Z","times_seen":19895,"resource_available":false,"data":null}},"time_used":22,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":3,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"buxgifts.click/assets/img/Robux%20Icon%20Grey.png","fqdn":"buxgifts.click","domain":"buxgifts.click","tld":"click"},"ip":{"addr":"91.218.49.169","port":443,"asn":0,"as":"","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://buxgifts.click/","date":"2026-02-26T14:58:49.497Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.buxgifts.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 23 Jan 2026 08:32:47 GMT","end":"Thu, 23 Apr 2026 08:32:46 GMT"},"fingerprint":{"sha1":"8E:4D:4C:4A:EA:1B:3D:CF:7E:5B:FE:93:72:FF:39:06:C6:F1:6E:1D","sha256":"80:EB:6C:96:A3:EC:C2:8F:18:86:A0:25:6F:F4:48:FF:00:87:3C:7D:F4:DE:21:9D:D6:11:12:71:68:86:71:DA"}}},"request":{"raw":"GET /assets/img/Robux%20Icon%20Grey.png HTTP/1.1\r\nHost: buxgifts.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://buxgifts.click/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Thu, 05 Mar 2026 14:58:49 GMT\r\ncontent-type: image/png\r\nlast-modified: Fri, 23 Jan 2026 09:28:27 GMT\r\naccept-ranges: bytes\r\ncontent-length: 4891\r\ndate: Thu, 26 Feb 2026 14:58:49 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":4891,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 236 x 260, 8-bit colormap, non-interlaced","md5":"a7f844962aa45e25e60c71d394ed6181","sha1":"c2fc0404eeb8d393407bdaebe2cc9994a8953550","sha256":"7be7bca9077403c9e23ab5919d05410d6d25b712a8e6a02ed80426add403a1cc","sha512":"09983aad60442bf0439f558d7b9fe192787dd68cf9f45afa555f0251cf9960113144f860bd925bf7a2dcad9d6374ac08873e76631aaedfe39584001d53637c70","ssdeep":"96:ZBf33Pf3ff33Pf3e5RfR2MJZhaM7bX3ZrffZlfzY/0rpxV9J0HYYnXfBs4NyGI:ZBnnnqf/fbHD6sFkHFW4NyGI","tlshash":"a6a15bc0c596b4046d392e377528fab511dccb2782c48e2332f287cfa6ae6542144d6d","first_seen":"2025-12-13T16:02:35.003585Z","last_seen":"2026-05-31T15:10:14.254957Z","times_seen":89,"resource_available":false,"data":null}},"time_used":81,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":81,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-26","alert":"Phishing Block","trigger":"buxgifts.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"buxgifts.click/assets/js/jquery.countTo.js","fqdn":"buxgifts.click","domain":"buxgifts.click","tld":"click"},"ip":{"addr":"91.218.49.169","port":443,"asn":0,"as":"","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://buxgifts.click/","date":"2026-02-26T14:58:49.500Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.buxgifts.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 23 Jan 2026 08:32:47 GMT","end":"Thu, 23 Apr 2026 08:32:46 GMT"},"fingerprint":{"sha1":"8E:4D:4C:4A:EA:1B:3D:CF:7E:5B:FE:93:72:FF:39:06:C6:F1:6E:1D","sha256":"80:EB:6C:96:A3:EC:C2:8F:18:86:A0:25:6F:F4:48:FF:00:87:3C:7D:F4:DE:21:9D:D6:11:12:71:68:86:71:DA"}}},"request":{"raw":"GET /assets/js/jquery.countTo.js HTTP/1.1\r\nHost: buxgifts.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://buxgifts.click/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Fri, 23 Jan 2026 09:28:27 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 1030\r\ndate: Thu, 26 Feb 2026 14:58:49 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":3761,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text","md5":"acad36d38da9f68c52bb074b2c478d0f","sha1":"922c71c5699f9306a415a7a344be46d92e0fc4a1","sha256":"00619814b3b256720a9ffd9408397d0ffe5559ff301d608eb66f585343fd83a2","sha512":"5be7c4d8f9e001a527d75e1fa0eb63edb24d0eaaea00d2ca8c66fa832cf5e7d868175f8d9c45917e042d1299f79022e3425510fc50214ec9a6a9034ec7f4413b","ssdeep":"","tlshash":"46716d49bbef2111956b20dd5f5f114c3234932b144b8548799d93c08fa6839e6eafbc","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-06-07T10:23:36.361217Z","times_seen":1223,"resource_available":true,"data":null}},"time_used":78,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":78,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-26","alert":"Phishing Block","trigger":"buxgifts.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"buxgifts.click/assets/js/drc.js","fqdn":"buxgifts.click","domain":"buxgifts.click","tld":"click"},"ip":{"addr":"91.218.49.169","port":443,"asn":0,"as":"","country":"Ukraine","country_code":"UA"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://buxgifts.click/","date":"2026-02-26T14:58:49.505Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.buxgifts.click","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 23 Jan 2026 08:32:47 GMT","end":"Thu, 23 Apr 2026 08:32:46 GMT"},"fingerprint":{"sha1":"8E:4D:4C:4A:EA:1B:3D:CF:7E:5B:FE:93:72:FF:39:06:C6:F1:6E:1D","sha256":"80:EB:6C:96:A3:EC:C2:8F:18:86:A0:25:6F:F4:48:FF:00:87:3C:7D:F4:DE:21:9D:D6:11:12:71:68:86:71:DA"}}},"request":{"raw":"GET /assets/js/drc.js HTTP/1.1\r\nHost: buxgifts.click\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://buxgifts.click/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/javascript\r\nlast-modified: Fri, 23 Jan 2026 09:28:27 GMT\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding\r\ncontent-length: 13736\r\ndate: Thu, 26 Feb 2026 14:58:49 GMT\r\nserver: LiteSpeed\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":47513,"size_decoded":0,"mime_type":"text/javascript","magic":"JavaScript source, ASCII text, with very long lines (47513), with no line terminators","md5":"78da37bad7fcacb91fea3212b56d0927","sha1":"55a0a49e58870b153cd2a0ccb9ba89857e7d70b9","sha256":"b3c2c181c9a42cdd5bf2225870a58c079ea867cbbb7aff1a6314fd9f62999cda","sha512":"8f4ff61bb5ac5f686262292ae2d0acfdaec8153dfcf01f662e70838129f7be757e5a7dea1e59dfd538c7b6fe544f8fc4c9b0d401b8a54aea9cf1ad3c289db2da","ssdeep":"768:u23MrStcT21VRDW2F1W6IuoldRHmc1CloUbpOuEEK4w08gBmHJY/XWDjBdVzgfDC:j3M+t365Dh/ewVMocGhCnzTqkk8ArF","tlshash":"9a230f85b3c1b88103cb9b7a735fa1e9e52e5ce93458084fc102fcd0f5b991ae9e5a74","first_seen":"2023-03-10T21:16:50Z","last_seen":"2026-06-07T00:37:47.030061Z","times_seen":116,"resource_available":true,"data":null}},"time_used":118,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":118,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2026-02-26","alert":"Sinkholed","trigger":"buxgifts.click","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2026-02-26","alert":"Phishing Block","trigger":"buxgifts.click","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/materialiconstwotone/v113/hESh6WRmNCxEqUmNyh3JDeGxjVVyMg4tHGctNCu0.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.99","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://buxgifts.click/","date":"2026-02-26T14:58:49.718Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 02 Feb 2026 08:38:07 GMT","end":"Mon, 27 Apr 2026 08:38:06 GMT"},"fingerprint":{"sha1":"FD:7B:7B:3F:B0:E9:E6:F2:B2:20:AF:6D:E3:76:AC:43:C9:2B:95:1F","sha256":"05:F7:EC:37:83:98:A5:87:8A:AE:AD:80:95:CC:A6:0A:C4:F9:42:EF:07:B0:C2:6B:6F:1B:27:7A:78:A8:CE:64"}}},"request":{"raw":"GET /s/materialiconstwotone/v113/hESh6WRmNCxEqUmNyh3JDeGxjVVyMg4tHGctNCu0.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://buxgifts.click\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 215704\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Mon, 23 Feb 2026 05:50:44 GMT\r\nexpires: Tue, 23 Feb 2027 05:50:44 GMT\r\ncache-control: public, max-age=31536000\r\nage: 292085\r\nlast-modified: Mon, 16 Jun 2025 20:30:02 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":215704,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), CFF, length 215704, version 1.0","md5":"e2c22f8cedcd54788de212b3bbea8e55","sha1":"296ff0bff395a77c2e33e7e31fffe73980bd93cf","sha256":"1e673ba8589654794d2ad375c2873f1870a4578f2b3e847dcc407add03b57ac2","sha512":"13950b8ac95cd4d9b7d569d49fc7d39a3c4ca1b743c5cccf5a697b1c7030e36c6872e5bbce998e19b4056c504a6c8332dfebad7d55d720ed9b40927f31818a28","ssdeep":"6144:1ntWY7JihyTtR7jf6i+02QnWe3hEm0ItmqkFBbABirib:1ncYF7LNWuEmjtF2ABirib","tlshash":"ce2423dde7aeac717ae3a07458957793188ae2b64506e1d8e93f711109c0f4d8b0ea81","first_seen":"2023-05-02T06:36:01Z","last_seen":"2026-06-07T00:37:47.016461Z","times_seen":327,"resource_available":false,"data":null}},"time_used":362,"timings":{"blocked":156,"dns":0,"connect":28,"send":0,"wait":16,"receive":23,"ssl":135},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}