{"report_id":"6e404287-ad46-4e29-8e1d-e05f00e12fc6","version":6,"status":"done","tags":[],"date":"2026-04-18T09:05:03Z","url":{"schema":"http","addr":"4zbse3pi0u.efaaticketsa.com/2lr?s1=wkb1\u0026s3=en_216:04:05act_KT\u0026s2=mgoldman@slurpmail.net","fqdn":"4zbse3pi0u.efaaticketsa.com","domain":"efaaticketsa.com","tld":"com"},"ip":{"addr":"165.154.239.215","port":0,"asn":142002,"as":"Scloud Pte Ltd","country":"Germany","country_code":"DE"},"final":{"url":{"schema":"https","addr":"yellowusheart.net/?s1=wkb1\u0026s1=wkb1\u0026s3=en_216:04:05act_KT\u0026s2=mgoldman@slurpmail.net","fqdn":"yellowusheart.net","domain":"yellowusheart.net","tld":"net"},"title":"Women who know themselves. Men who can keep up.","dom":{"size":0,"mime_type":"text/plain; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","dom_hash":"domhash1f07f384c75181c66badb60ab1ec770b","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"4zbse3pi0u.efaaticketsa.com/2lr?s1=wkb1\u0026s3=en_216:04:05act_KT\u0026s2=mgoldman@slurpmail.net","fqdn":"4zbse3pi0u.efaaticketsa.com","domain":"efaaticketsa.com","tld":"com"},"ip":{"addr":"165.154.239.215","port":0,"asn":142002,"as":"Scloud Pte Ltd","country":"Germany","country_code":"DE"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-05-23T09:05:03Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":6}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-17","alert":"Sinkholed","trigger":"svntrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"yellowusheart.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"yellowusheart.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"4zbse3pi0u.efaaticketsa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"4zbse3pi0u.efaaticketsa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"4zbse3pi0u.efaaticketsa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null},"summary":[{"fqdn":"lh3.google.com","ip":{"addr":"216.58.201.238","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":1918,"first_seen":"2012-07-20T22:52:12Z","last_seen":"2026-04-13T08:10:48.858651Z","alert_count":0,"request_count":1,"received_data":505,"sent_data":444,"comment":"","tags":null,"fingerprints":null},{"fqdn":"accounts.google.com","ip":{"addr":"209.85.233.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"1997-09-15","domain_rank":103,"first_seen":"2012-05-23T06:57:57Z","last_seen":"2026-04-13T01:20:22.552813Z","alert_count":0,"request_count":3,"received_data":6873,"sent_data":1728,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenGSE","description":"OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.","website":"https://code.google.com/p/opengse","common_platform_enumeration":"","icon":"Google.svg","categories":["Web servers"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}]},{"fqdn":"4zbse3pi0u.efaaticketsa.com","ip":{"addr":"165.154.239.215","port":80,"asn":142002,"as":"Scloud Pte Ltd","country":"Germany","country_code":"DE"},"domain_registered":"unknown","domain_rank":0,"first_seen":"No data","last_seen":"No data","alert_count":6,"request_count":2,"received_data":6424,"sent_data":1026,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"172.217.19.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-04-12T22:20:19.752051Z","alert_count":0,"request_count":1,"received_data":6525,"sent_data":523,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"svntrk.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2018-04-18","domain_rank":392290,"first_seen":"2018-04-27T07:41:55Z","last_seen":"2026-04-13T07:32:17.210312Z","alert_count":1,"request_count":1,"received_data":671,"sent_data":429,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-04-12T22:16:45.621325Z","alert_count":0,"request_count":3,"received_data":130766,"sent_data":1655,"comment":"","tags":null,"fingerprints":null},{"fqdn":"yellowusheart.net","ip":{"addr":"104.21.65.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-10-01","domain_rank":0,"first_seen":"2025-10-03T16:59:09.975633Z","last_seen":"2026-04-13T12:23:39.000543Z","alert_count":16,"request_count":8,"received_data":600092,"sent_data":9307,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"yellowusheart.net/landings/wlc31/js/vendor.js?id=f23bc11d2441d5b9e86b53d88a5908ea","fqdn":"yellowusheart.net","domain":"yellowusheart.net","tld":"net"},"ip":{"addr":"104.21.65.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"aca5e6c0028f1b4960a0e62d6d24e559","sha1":"4a8d1497f6447254f1e671ee5dda6bd72f562a17","sha256":"364258e1672bcb945d88922135f05c121011adc7539bcc2da9e34bf409d7d032","sha512":"87526b200bde3c28a84e5e9046339f4cc518a53b57317ed9219dd7254c0604445a6e6c2caab7d916165a4bbffb78f3adcc7ea263bc846b62d0ccd58fc3aedc3c","ssdeep":"1536:v8gdiZ8tGTw+U6XMUbxmyBgoCJSLvWrbUSNSDoAzyuDNEVsHdlBGHMuZ+3v2MQ8/:QdZSNSDotgHdZuE3v4JuxQEL","tlshash":"e0a319ddb2c6716347ab70ba00bf550af2365599680d8440f029d8eabc78e4e523bf7d","size":100254,"data":"","first_seen":"2025-10-31T14:13:53.047241Z","last_seen":"2026-04-18T11:59:48.385757Z","times_seen":128674,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yellowusheart.net/?s1=wkb1\u0026s1=wkb1\u0026s3=en_216:04:05act_KT\u0026s2=mgoldman@slurpmail.net","fqdn":"yellowusheart.net","domain":"yellowusheart.net","tld":"net"},"ip":{"addr":"104.21.65.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"8f470b7531c34b38cad2dfad198be8ee","sha1":"d12f4cc23a79dc57e3941c5486d822cfb0398c86","sha256":"8167a2f4ed92a766e258e4e0e5a8ac755d07c4d17e0a0eefa6dd6fdabc35f23f","sha512":"d4ebe82b236c6a8d9d929b67d364878c5e05eb6785f5bc4af7a16dc5e2702753ad0734bed1dad0a058d122117304ad3648ac298822ead5f9677fda17caf73681","ssdeep":"","tlshash":"ac5132828da755b17d6b362a1f6fb10a30f7453f0848ca507a1cd5086f95bb7b1c8af0","size":2569,"data":"","first_seen":"2026-04-18T09:05:17.957551Z","last_seen":"2026-04-18T09:05:17.957551Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yellowusheart.net/scripts/fp.v3.js?id=646d4b3deea4287def3fdfc18906bcc7","fqdn":"yellowusheart.net","domain":"yellowusheart.net","tld":"net"},"ip":{"addr":"104.21.65.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"1d8ad98fe3471d1a74d485f9b4737bfc","sha1":"a1190f7bb41660f682d59e15c2606279da0792f7","sha256":"9aa12d141f3c41629c83ac95bf3bebab2b33bca7f8f8988bf64b53b57c73714c","sha512":"7fb9f2102417806125bb6cfc40d829f98ca8cb772b9ba847562a19b7e0e6e3e1a3e78ccf464a2409741ee9074d12ca521d305c3ae16ff774e2bb6e3c462dda51","ssdeep":"768:WTW1G6kf2ckxyISuNwxJDJzFE8CYtCgkbAIlIdlIZCwXy:ljvfxyI7N8JDJJEnYsgu3ZRC","tlshash":"be0329d872c7b01e5263697a157fa046ba3abd50750d8c07da3be1c07ca5d4a023bfb9","size":40104,"data":"","first_seen":"2023-04-05T13:38:28Z","last_seen":"2026-04-18T11:59:48.417383Z","times_seen":213958,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"svntrk.com/assets/wkb1_69e3492928707.js","fqdn":"svntrk.com","domain":"svntrk.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://yellowusheart.net/?s1=wkb1\u0026s1=wkb1\u0026s3=en_216:04:05act_KT\u0026s2=mgoldman@slurpmail.net","date":"2026-04-18T09:04:41.456Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"svntrk.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 14 Mar 2026 06:42:47 GMT","end":"Fri, 12 Jun 2026 07:40:27 GMT"},"fingerprint":{"sha1":"1B:D3:D5:59:D2:CD:A2:A6:07:A0:BF:B0:F8:31:0B:EB:1D:25:FE:1D","sha256":"E1:1C:F3:0C:20:92:02:B2:64:09:41:A6:63:D9:79:CE:80:FF:C0:F0:8A:27:D9:D7:02:DE:AF:26:D7:F4:50:86"}}},"request":{"raw":"GET /assets/wkb1_69e3492928707.js HTTP/1.1\r\nHost: svntrk.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yellowusheart.net/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 18 Apr 2026 09:04:41 GMT\r\ncontent-type: text/javascript; charset=UTF-8\r\nserver: cloudflare\r\ncache-control: no-cache, private\r\nset-cookie: svnimp=69e34929ac320; path=/; secure; httponly; samesite=none\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-cache-status: BYPASS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=FfM7IB3F4Gm4Rp0QJpABF6YZ8N%2FEfEmyRagXdtU9kGoibh2RT4xmaXMzOoKeJynZ2uVKpC198l%2F%2BZGnbTQp%2FxuEX2pZUJy9fQ0uJN6o8yqD787ktELTlmt0HQwub\"}]}\r\ncontent-encoding: br\r\ncf-ray: 9ee280e35dce4c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-18T11:23:12.520476Z","times_seen":13896243,"resource_available":true,"data":null}},"time_used":351,"timings":{"blocked":36,"dns":22,"connect":1,"send":0,"wait":274,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-17","alert":"Sinkholed","trigger":"svntrk.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/montserrat/v31/JTUSjIg1_i6t8kCHKm459WlhyyTn89ddpQ.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://yellowusheart.net/?s1=wkb1\u0026s1=wkb1\u0026s3=en_216:04:05act_KT\u0026s2=mgoldman@slurpmail.net","date":"2026-04-18T09:04:41.973Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"8B:DF:9C:24:AB:AD:AB:73:3F:51:0F:25:2B:18:76:79:1A:C5:63:A0","sha256":"BF:5C:B4:F2:20:4F:D0:E5:76:81:59:52:5F:3E:D2:4F:8D:33:B3:30:36:84:C8:7E:0E:AB:58:1E:7D:D6:E2:6D"}}},"request":{"raw":"GET /s/montserrat/v31/JTUSjIg1_i6t8kCHKm459WlhyyTn89ddpQ.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://yellowusheart.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 37756\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 18 Apr 2026 02:00:51 GMT\r\nexpires: Sun, 18 Apr 2027 02:00:51 GMT\r\ncache-control: public, max-age=31536000\r\nage: 25431\r\nlast-modified: Thu, 04 Sep 2025 17:09:21 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":37756,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 37756, version 1.0","md5":"8a6a885dd57e60ddd85f3190737fa209","sha1":"dbca56b7fe8ee5e4bfb648d639fc6a3bfc5c6e85","sha256":"b9b102f608e8252e3c1e7287309832b16af7dcc6e788651fa503a3faacd7fb2f","sha512":"2bd785869777dc57dbb5934d4c6915b66f89746dd79897820eb4bbd0d262b2612bafdfb07c1e092658ad819f582a97e6a196531f74187d8a0b0bbd07fcbba56a","ssdeep":"768:sqRKhgpCf9U72WeD4A/5IqtBr0ikGvEaQh38/LBu3Emdc043RpgZKMqjkEfO1m:jKgp+9U7Ve8A/7Ai9Et3EBKEUE3RqMMu","tlshash":"3e030130df5884edcc0ba371fdeea81fc7a332a594c0b3368297af1b80111499d99e49","first_seen":"2025-09-05T00:25:10.258656Z","last_seen":"2026-04-18T11:26:32.379693Z","times_seen":333688,"resource_available":false,"data":null}},"time_used":186,"timings":{"blocked":83,"dns":1,"connect":7,"send":0,"wait":10,"receive":8,"ssl":72},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yellowusheart.net/landings/wlc31/video/Video.webm","fqdn":"yellowusheart.net","domain":"yellowusheart.net","tld":"net"},"ip":{"addr":"104.21.65.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"media","requested_by":"https://yellowusheart.net/?s1=wkb1\u0026s1=wkb1\u0026s3=en_216:04:05act_KT\u0026s2=mgoldman@slurpmail.net","date":"2026-04-18T09:04:41.987Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yellowusheart.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Mar 2026 20:32:17 GMT","end":"Thu, 25 Jun 2026 21:30:32 GMT"},"fingerprint":{"sha1":"7E:5B:4E:3A:1A:B7:D7:0B:8D:BB:AA:B3:37:F8:F6:06:67:B6:68:7E","sha256":"A3:E9:13:16:75:22:51:59:36:20:73:11:09:EB:05:17:DA:37:0A:36:50:DE:58:FE:7F:E6:FB:AB:B5:01:A3:2C"}}},"request":{"raw":"GET /landings/wlc31/video/Video.webm HTTP/1.1\r\nHost: yellowusheart.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: video/webm,video/ogg,video/*;q=0.9,application/ogg;q=0.7,audio/*;q=0.6,*/*;q=0.5\r\nAccept-Language: en-US,en;q=0.5\r\nRange: bytes=0-\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yellowusheart.net/?s1=wkb1\u0026s1=wkb1\u0026s3=en_216:04:05act_KT\u0026s2=mgoldman@slurpmail.net\r\nCookie: XSRF-TOKEN=eyJpdiI6IjQ0OVczQyswNlNpenVwY2FsWTFIbVE9PSIsInZhbHVlIjoiSkc4ck90RnRJRGpkT01HeVh3TlA1TjNjUEpVSzJDOTlUVmRvb1ZTUTlxdWxyWnYwUEM4dG1BRjR6NktWalFEbWsrOU5DazlReVByanU2SUVTNS96Z0xwVkZDYUNqR1N5aS9aWTVRTE5FQ0dVM1k3RFZjWGEwaExKNVJLcUhoQlAiLCJtYWMiOiI2YjIyOTNlNDFkZDQ4M2ZhNzlkOGY1MDQ4MTBmM2U0YTY2ODMzNzZkOTdjNDJhYzIzMzgzOGE1NTE2OTliYjkxIn0%3D; laravel_session=eyJpdiI6IlZyUS9pOUR1bXdmQzhsVTA3MGRSNWc9PSIsInZhbHVlIjoiM2lwTzlFUVJtNCtjU25zMkY4SDhBWFFJT0xCcFRGVXRDOHdUdWFEMXYzcXlsaGxFZ1BqdnB2TW1YQUdVUEdocmFUZ0gxUlhCV1lCVUdHZ2JqY25GSllURUxPV1NRTWI2MExuSHNTLzRyVWg5WDdwcng3RW5qeG1NZ1h6eGs3RkEiLCJtYWMiOiJkYmNjZWU4NDRlNzNjMWM5ZDkxM2M0YWY2ZDcwYjc3YmE2OWRlYjEwMWJjNmIzZjA5N2RmODkzYzkwMTRiMWQ4In0%3D; SRVNAME=w2\r\nSec-Fetch-Dest: video\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nAccept-Encoding: identity\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 206 Partial Content\r\nserver: cloudflare\r\ndate: Sat, 18 Apr 2026 09:04:42 GMT\r\ncontent-type: video/webm\r\ncontent-length: 404044\r\npriority: u=4,i=?0\r\nlast-modified: Thu, 16 Apr 2026 10:51:10 GMT\r\netag: \"69e0bf1e-62a4c\"\r\ncontent-range: bytes 0-404043/404044\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=EACOMFD2IitShH0TaVCVYrydgzU%2FejsijhN2tsGtahQmnJmWic26cWNryhzjl4uf%2BIn8%2BPckSu87lyZ5n8mLgZ5HkdkTVBAieZKu2q3ThKw8vGkTSjQThXbwMg79VtGQPn4JAw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ee280e66b7223eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"206","status_text":"Partial Content","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":404044,"size_decoded":0,"mime_type":"video/webm","magic":"WebM","md5":"f429596f4385231e13ee9172b90f1730","sha1":"b050cadf010e5a7d982c0ce0efa0a24843a1fd40","sha256":"3a9d131e34ddafe5681126e032a451d798e10294d95bd1cc2989540ebc463d16","sha512":"5089be6acb0adb8da5117f3ba42c0a84b126c7517b8ffdc14e5d1df4f8f12e46343bbe6f97f4c587d518861adef4652441c0916ea2f4cacc36ae04fc7cd54dc8","ssdeep":"12288:fni7OwYjPfVJ6/uxoLdVTrJIbF3ND2yy1IHk:a756J6/soL7Tr+bnhyik","tlshash":"7c84124bcb9465d3c90e4637c24f07079b1ad989a4fb4866e673f683ec88e4ead07117","first_seen":"2025-03-30T08:55:51.341409Z","last_seen":"2026-04-18T11:18:45.51711Z","times_seen":2152,"resource_available":false,"data":null}},"time_used":592,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":342,"receive":250,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"yellowusheart.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"yellowusheart.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"lh3.google.com/u/0/d/1l0frEmdXyaOzgdSdyzEFLxHRz8nZsme1xNv0ZMbsDI0=w100","fqdn":"lh3.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"216.58.201.238","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://yellowusheart.net/?s1=wkb1\u0026s1=wkb1\u0026s3=en_216:04:05act_KT\u0026s2=mgoldman@slurpmail.net","date":"2026-04-18T09:04:42.712Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:35:08 GMT","end":"Mon, 22 Jun 2026 08:35:07 GMT"},"fingerprint":{"sha1":"02:11:B2:1D:09:0D:9E:4E:5B:DC:0A:6C:D5:4B:C6:4A:5B:50:C8:26","sha256":"99:E1:4B:50:60:0E:C3:94:CB:2C:15:85:8E:68:FF:F1:9C:B7:0C:9E:E0:8C:B7:29:52:18:12:81:67:C4:38:23"}}},"request":{"raw":"GET /u/0/d/1l0frEmdXyaOzgdSdyzEFLxHRz8nZsme1xNv0ZMbsDI0=w100 HTTP/1.1\r\nHost: lh3.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\nlocation: https://accounts.google.com/ServiceLogin?continue=https://lh3.google.com/u/0/d/1l0frEmdXyaOzgdSdyzEFLxHRz8nZsme1xNv0ZMbsDI0%3Dw100\u0026hl=en\r\ncache-control: private\r\nvary: Origin\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\ncontent-type: text/html; charset=UTF-8\r\nx-content-type-options: nosniff\r\ndate: Sat, 18 Apr 2026 09:04:42 GMT\r\nserver: fife\r\ncontent-length: 337\r\nx-xss-protection: 0\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-18T11:23:12.520476Z","times_seen":13896243,"resource_available":true,"data":null}},"time_used":331,"timings":{"blocked":149,"dns":44,"connect":21,"send":0,"wait":33,"receive":0,"ssl":81},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Flh3.google.com%2Fu%2F0%2Fd%2F1l0frEmdXyaOzgdSdyzEFLxHRz8nZsme1xNv0ZMbsDI0%3Dw100\u0026dsh=S1057458485%3A1776503083011373\u0026hl=en\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin\u0026ifkv=AT1y2_VOhHE5aeAUXVL6e_NdT_xxokr7Ccpbm6Rr7ZZu-gbTFebtDHB7MMerPlWBeVQgYSFu7Xg9","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"209.85.233.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://yellowusheart.net/?s1=wkb1\u0026s1=wkb1\u0026s3=en_216:04:05act_KT\u0026s2=mgoldman@slurpmail.net","date":"2026-04-18T09:04:43.065Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:37:42 GMT","end":"Mon, 22 Jun 2026 08:37:41 GMT"},"fingerprint":{"sha1":"3C:A0:0E:DF:F7:7D:A8:F7:0A:8D:D1:D6:B0:3D:65:40:6B:80:34:7F","sha256":"2D:AA:65:1F:64:8D:81:EE:38:7B:28:A1:94:5C:B4:DA:16:30:66:D7:0E:A2:40:17:26:64:EF:D0:A9:43:A9:91"}}},"request":{"raw":"GET /v3/signin/identifier?continue=https%3A%2F%2Flh3.google.com%2Fu%2F0%2Fd%2F1l0frEmdXyaOzgdSdyzEFLxHRz8nZsme1xNv0ZMbsDI0%3Dw100\u0026dsh=S1057458485%3A1776503083011373\u0026hl=en\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin\u0026ifkv=AT1y2_VOhHE5aeAUXVL6e_NdT_xxokr7Ccpbm6Rr7ZZu-gbTFebtDHB7MMerPlWBeVQgYSFu7Xg9 HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 403 Forbidden\r\ncontent-type: text/html; charset=utf-8\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Sat, 18 Apr 2026 09:04:43 GMT\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"AccountsSignInUi\"\r\ncontent-security-policy: script-src 'nonce-JcjExJ_Vza0WPEuRDdurCA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /v3/signin/_/AccountsSignInUi/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com https://www.google.com/tools/feedback/ https://www.gstatic.com/feedback/js/ https://www.gstatic.com/inproduct_help/ https://www.gstatic.com/support/content/ https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://support.google.com/inapp/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/allowlist, require-trusted-types-for 'script';report-uri /v3/signin/_/AccountsSignInUi/cspreport\r\ncontent-security-policy-report-only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js https://translate.google.com/translate_a/element.js https://www.google.com/recaptcha/api.js https://www.google.com/recaptcha/enterprise.js https://www.gstatic.com/recaptcha/ https://www.google.com/tools/feedback/chat_load.js https://www.google.com/tools/feedback/help_api.js https://www.google.com/tools/feedback/load.js https://www.google.com/tools/feedback/open.js https://www.google.com/tools/feedback/open_to_help_guide_lazy.js https://www.gstatic.com/feedback/js/ https://www.gstatic.com/feedback/js/help/prod/service/lazy.min.js https://www.gstatic.com/inproduct_help/api/main.min.js https://www.gstatic.com/inproduct_help/chatsupport/chatsupport_button_v2.js https://www.gstatic.com/inproduct_help/service/lazy.min.js https://www.gstatic.com/uservoice/feedback/client/web/live/ https://www.gstatic.com/uservoice/surveys/resources/prod/js/survey/ https://www.gstatic.com/_/mss/boq-one-google/_/ https://www.gstatic.com/og/_/js/ https://apis.google.com/js/api.js https://apis.google.com/js/client.js https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js https://www.googletagmanager.com/gtag/destination https://www.gstatic.com/_/mss/boq-identity/_/js/k=boq-identity.AccountsSignInUi.en.XbtEKILyvPQ.es5.O/ https://apis.google.com/_/scs/abc-static/_/js/ https://translate.googleapis.com/_/translate_http/_/js/ https://www.gstatic.com/recaptcha/releases/;report-uri /v3/signin/_/AccountsSignInUi/cspreport/fine-allowlist\r\npermissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*\r\naccept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\nreport-to: {\"group\":\"AccountsSignInUi\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/AccountsSignInUi\"}]}\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"403","status_text":"Forbidden","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-18T11:23:12.520476Z","times_seen":13896243,"resource_available":true,"data":null}},"time_used":56,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":56,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yellowusheart.net/?s1=wkb1\u0026s1=wkb1\u0026s3=en_216:04:05act_KT\u0026s2=mgoldman@slurpmail.net","fqdn":"yellowusheart.net","domain":"yellowusheart.net","tld":"net"},"ip":{"addr":"104.21.65.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-18T09:04:40.853Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yellowusheart.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Mar 2026 20:32:17 GMT","end":"Thu, 25 Jun 2026 21:30:32 GMT"},"fingerprint":{"sha1":"7E:5B:4E:3A:1A:B7:D7:0B:8D:BB:AA:B3:37:F8:F6:06:67:B6:68:7E","sha256":"A3:E9:13:16:75:22:51:59:36:20:73:11:09:EB:05:17:DA:37:0A:36:50:DE:58:FE:7F:E6:FB:AB:B5:01:A3:2C"}}},"request":{"raw":"GET /?s1=wkb1\u0026s1=wkb1\u0026s3=en_216:04:05act_KT\u0026s2=mgoldman@slurpmail.net HTTP/1.1\r\nHost: yellowusheart.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Sat, 18 Apr 2026 09:04:41 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncache-control: private, must-revalidate\r\npragma: no-cache\r\nexpires: -1\r\nset-cookie: XSRF-TOKEN=eyJpdiI6IjQ0OVczQyswNlNpenVwY2FsWTFIbVE9PSIsInZhbHVlIjoiSkc4ck90RnRJRGpkT01HeVh3TlA1TjNjUEpVSzJDOTlUVmRvb1ZTUTlxdWxyWnYwUEM4dG1BRjR6NktWalFEbWsrOU5DazlReVByanU2SUVTNS96Z0xwVkZDYUNqR1N5aS9aWTVRTE5FQ0dVM1k3RFZjWGEwaExKNVJLcUhoQlAiLCJtYWMiOiI2YjIyOTNlNDFkZDQ4M2ZhNzlkOGY1MDQ4MTBmM2U0YTY2ODMzNzZkOTdjNDJhYzIzMzgzOGE1NTE2OTliYjkxIn0%3D; expires=Sat, 18-Apr-2026 09:34:41 GMT; Max-Age=1800; path=/; samesite=lax\nlaravel_session=eyJpdiI6IlZyUS9pOUR1bXdmQzhsVTA3MGRSNWc9PSIsInZhbHVlIjoiM2lwTzlFUVJtNCtjU25zMkY4SDhBWFFJT0xCcFRGVXRDOHdUdWFEMXYzcXlsaGxFZ1BqdnB2TW1YQUdVUEdocmFUZ0gxUlhCV1lCVUdHZ2JqY25GSllURUxPV1NRTWI2MExuSHNTLzRyVWg5WDdwcng3RW5qeG1NZ1h6eGs3RkEiLCJtYWMiOiJkYmNjZWU4NDRlNzNjMWM5ZDkxM2M0YWY2ZDcwYjc3YmE2OWRlYjEwMWJjNmIzZjA5N2RmODkzYzkwMTRiMWQ4In0%3D; path=/; httponly; samesite=lax\nSRVNAME=w2; path=/\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=VNombBAL1LRqZiJxXelC6AO%2FCau2%2BPTUnTgh%2Bi%2BsB8MykVD2ZkSFt3mWSl3xxIuGc%2B2B%2Bf2FkRYpWQU2oUZs1%2Fs%2BrlfbqO72%2BQ%2BO4WwhOQLAkanAFM3%2BG1wUJRxxIEoytLQFPg%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\nvary: accept-encoding\r\ncontent-encoding: br\r\ncf-ray: 9ee280dfb8a10daa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6151,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (367)","md5":"038549867d4f566f964c987ceb3e563c","sha1":"b55f41924e493e270ae3f62bcc46c24aa56f7987","sha256":"0a32118acecd78005b91429e94ad7f4785839898c384f5968cf9c77b083a2c03","sha512":"55f4b3fe7262ee8ee80394f6c8938396c9397d982334232ff6c673f45505fb1c199204c5c82f97cc4903c654ca3c7cce9fad29be26854303ec4c703e9d0b8058","ssdeep":"48:1cpFuilPjKVby/j6HzHo6IH20BCq+ja/nv6CK5x6LlBgggggggggNOQAeFVZ4hPp:suihWy78ElHtgq6+nvPKb6Lla/Blu","tlshash":"5fc130a3d98241795b6652a29f63748cb1da410b8e88d4c1b59c4947ff80feeb0d26f8","first_seen":"2026-04-18T09:05:17.93901Z","last_seen":"2026-04-18T09:05:17.93901Z","times_seen":1,"resource_available":true,"data":null}},"time_used":448,"timings":{"blocked":62,"dns":43,"connect":1,"send":0,"wait":324,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"yellowusheart.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"yellowusheart.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yellowusheart.net/landings/wlc31/fonts/vendor.css?id=10f081b2847c3a4586297f39bc143559","fqdn":"yellowusheart.net","domain":"yellowusheart.net","tld":"net"},"ip":{"addr":"104.21.65.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://yellowusheart.net/?s1=wkb1\u0026s1=wkb1\u0026s3=en_216:04:05act_KT\u0026s2=mgoldman@slurpmail.net","date":"2026-04-18T09:04:41.458Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yellowusheart.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Mar 2026 20:32:17 GMT","end":"Thu, 25 Jun 2026 21:30:32 GMT"},"fingerprint":{"sha1":"7E:5B:4E:3A:1A:B7:D7:0B:8D:BB:AA:B3:37:F8:F6:06:67:B6:68:7E","sha256":"A3:E9:13:16:75:22:51:59:36:20:73:11:09:EB:05:17:DA:37:0A:36:50:DE:58:FE:7F:E6:FB:AB:B5:01:A3:2C"}}},"request":{"raw":"GET /landings/wlc31/fonts/vendor.css?id=10f081b2847c3a4586297f39bc143559 HTTP/1.1\r\nHost: yellowusheart.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yellowusheart.net/?s1=wkb1\u0026s1=wkb1\u0026s3=en_216:04:05act_KT\u0026s2=mgoldman@slurpmail.net\r\nCookie: XSRF-TOKEN=eyJpdiI6IjQ0OVczQyswNlNpenVwY2FsWTFIbVE9PSIsInZhbHVlIjoiSkc4ck90RnRJRGpkT01HeVh3TlA1TjNjUEpVSzJDOTlUVmRvb1ZTUTlxdWxyWnYwUEM4dG1BRjR6NktWalFEbWsrOU5DazlReVByanU2SUVTNS96Z0xwVkZDYUNqR1N5aS9aWTVRTE5FQ0dVM1k3RFZjWGEwaExKNVJLcUhoQlAiLCJtYWMiOiI2YjIyOTNlNDFkZDQ4M2ZhNzlkOGY1MDQ4MTBmM2U0YTY2ODMzNzZkOTdjNDJhYzIzMzgzOGE1NTE2OTliYjkxIn0%3D; laravel_session=eyJpdiI6IlZyUS9pOUR1bXdmQzhsVTA3MGRSNWc9PSIsInZhbHVlIjoiM2lwTzlFUVJtNCtjU25zMkY4SDhBWFFJT0xCcFRGVXRDOHdUdWFEMXYzcXlsaGxFZ1BqdnB2TW1YQUdVUEdocmFUZ0gxUlhCV1lCVUdHZ2JqY25GSllURUxPV1NRTWI2MExuSHNTLzRyVWg5WDdwcng3RW5qeG1NZ1h6eGs3RkEiLCJtYWMiOiJkYmNjZWU4NDRlNzNjMWM5ZDkxM2M0YWY2ZDcwYjc3YmE2OWRlYjEwMWJjNmIzZjA5N2RmODkzYzkwMTRiMWQ4In0%3D; SRVNAME=w2\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 18 Apr 2026 09:04:41 GMT\r\ncontent-type: text/css\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=z%2B%2Fhp9hSu%2FVcckQLG3Me0hpeFEKyMKlZo2xmeynJFqU09JvVe9H%2BnJLFtzXYrhICv5eKXFtY31Q456Oj0a3X1mgjObrhzrqyuldwWTppsyIb4gu7MsE5b7CsAmAMOEwtFG4%2BPA%3D%3D\"}]}\r\npriority: u=2,i=?0\r\nlast-modified: Thu, 16 Apr 2026 10:51:10 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\netag: W/\"69e0bf1e-25e0\"\r\ncf-ray: 9ee280e31ac723eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9696,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (9695)","md5":"7701afb5d5034e3acdd6bfecdd42e96a","sha1":"e02cdd0669850c7461093f471121d7060d4a185a","sha256":"ba9d980288c0719d02ae2d42c92575911d2f907ba42fd261a199db0398e210a9","sha512":"8cdf396fc828cd7f75bb34fbc474403ce499ceca0bf1f05e59c57a032bd2d9733c018a3558784acebc37ef11d8c4af2ff183923d9263ea3750ac8f713281dc06","ssdeep":"192:B5bOoJ7kgjFDMDA7OEdNCxDdQ4dof0TWkujkJhPrH:B5btJjFDMDhDvScakJhPrH","tlshash":"511298314fe96138f72f872f75d15e982d58c923e6138f99f06aa639cdc50921272f09","first_seen":"2025-05-08T07:05:44.843099Z","last_seen":"2026-04-18T11:18:45.514527Z","times_seen":2159,"resource_available":false,"data":null}},"time_used":232,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":232,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"yellowusheart.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"yellowusheart.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yellowusheart.net/landings/wlc31/img/favicon.png","fqdn":"yellowusheart.net","domain":"yellowusheart.net","tld":"net"},"ip":{"addr":"104.21.65.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://yellowusheart.net/?s1=wkb1\u0026s1=wkb1\u0026s3=en_216:04:05act_KT\u0026s2=mgoldman@slurpmail.net","date":"2026-04-18T09:04:42.342Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yellowusheart.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Mar 2026 20:32:17 GMT","end":"Thu, 25 Jun 2026 21:30:32 GMT"},"fingerprint":{"sha1":"7E:5B:4E:3A:1A:B7:D7:0B:8D:BB:AA:B3:37:F8:F6:06:67:B6:68:7E","sha256":"A3:E9:13:16:75:22:51:59:36:20:73:11:09:EB:05:17:DA:37:0A:36:50:DE:58:FE:7F:E6:FB:AB:B5:01:A3:2C"}}},"request":{"raw":"GET /landings/wlc31/img/favicon.png HTTP/1.1\r\nHost: yellowusheart.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yellowusheart.net/?s1=wkb1\u0026s1=wkb1\u0026s3=en_216:04:05act_KT\u0026s2=mgoldman@slurpmail.net\r\nCookie: XSRF-TOKEN=eyJpdiI6IjQ0OVczQyswNlNpenVwY2FsWTFIbVE9PSIsInZhbHVlIjoiSkc4ck90RnRJRGpkT01HeVh3TlA1TjNjUEpVSzJDOTlUVmRvb1ZTUTlxdWxyWnYwUEM4dG1BRjR6NktWalFEbWsrOU5DazlReVByanU2SUVTNS96Z0xwVkZDYUNqR1N5aS9aWTVRTE5FQ0dVM1k3RFZjWGEwaExKNVJLcUhoQlAiLCJtYWMiOiI2YjIyOTNlNDFkZDQ4M2ZhNzlkOGY1MDQ4MTBmM2U0YTY2ODMzNzZkOTdjNDJhYzIzMzgzOGE1NTE2OTliYjkxIn0%3D; laravel_session=eyJpdiI6IlZyUS9pOUR1bXdmQzhsVTA3MGRSNWc9PSIsInZhbHVlIjoiM2lwTzlFUVJtNCtjU25zMkY4SDhBWFFJT0xCcFRGVXRDOHdUdWFEMXYzcXlsaGxFZ1BqdnB2TW1YQUdVUEdocmFUZ0gxUlhCV1lCVUdHZ2JqY25GSllURUxPV1NRTWI2MExuSHNTLzRyVWg5WDdwcng3RW5qeG1NZ1h6eGs3RkEiLCJtYWMiOiJkYmNjZWU4NDRlNzNjMWM5ZDkxM2M0YWY2ZDcwYjc3YmE2OWRlYjEwMWJjNmIzZjA5N2RmODkzYzkwMTRiMWQ4In0%3D; SRVNAME=w2\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 18 Apr 2026 09:04:42 GMT\r\ncontent-type: image/png\r\ncontent-length: 1935\r\npriority: u=6,i=?0\r\nlast-modified: Thu, 16 Apr 2026 10:51:10 GMT\r\netag: \"69e0bf1e-78f\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gbY9JgcKXfremXUi%2FOkYF3Ql1d1CfQ%2FSZ6OD%2BBdpmgG05skgWExPBHuuSTEB8kndpVtyHJk%2BNpm%2FxiFlC30URFM5Ed79hgE39RQUImzrjNq9r%2FhiP0aLXsir10kXp0YsLzGnfQ%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ee280e8ac1b23eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1935,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 128 x 128, 4-bit colormap, non-interlaced","md5":"ca15d590f08ef835c2e8c47a95a2173e","sha1":"210bf4b5cf0aaa523fb59b983f8e0c37de7b4156","sha256":"d706231b30f2e6e588c2a03462f04844ccc163bd8940384210927f443d885ab5","sha512":"a488f82f37db8113ce5e3547221370de0b371fa7b9257e79fc439a4228f08152d35f203284533c44bb2181a3fae8b1375e081f7da4960398f6c270ae3c40c07c","ssdeep":"","tlshash":"46411be34746fd6af816d9beef7ad7182f0b4c0804576d1e00270e930a7f5164154b3a","first_seen":"2025-10-31T14:39:25.991112Z","last_seen":"2026-04-18T11:49:13.662994Z","times_seen":11357,"resource_available":false,"data":null}},"time_used":250,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":250,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"yellowusheart.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"yellowusheart.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"http","addr":"4zbse3pi0u.efaaticketsa.com/2lr?s1=wkb1\u0026s3=en_216:04:05act_KT\u0026s2=mgoldman@slurpmail.net","fqdn":"4zbse3pi0u.efaaticketsa.com","domain":"efaaticketsa.com","tld":"com"},"ip":{"addr":"165.154.239.215","port":80,"asn":142002,"as":"Scloud Pte Ltd","country":"Germany","country_code":"DE"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-18T09:04:40.796Z","timestamp":0,"http_version":"","security_state":"insecure","security_info":null,"request":{"raw":"GET /2lr?s1=wkb1\u0026s3=en_216:04:05act_KT\u0026s2=mgoldman@slurpmail.net HTTP/1.1\r\nHost: 4zbse3pi0u.efaaticketsa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nDNT: 1\r\nConnection: keep-alive\r\nUpgrade-Insecure-Requests: 1\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 301 Moved Permanently\r\nServer: nginx/1.18.0 (Ubuntu)\r\nDate: Sat, 18 Apr 2026 09:04:40 GMT\r\nContent-Type: text/html\r\nContent-Length: 178\r\nConnection: keep-alive\r\nLocation: https://yellowusheart.net?s1=wkb1\u0026s1=wkb1\u0026s3=en_216:04:05act_KT\u0026s2=mgoldman@slurpmail.net\r\n\r\n","headers":null,"cookies":null,"status_code":"301","status_text":"Moved Permanently","fingerprints":[{"name":"Nginx:1.18.0","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Ubuntu","description":"Ubuntu is a free and open-source operating system on Linux for the enterprise server, desktop, cloud, and IoT.","website":"https://www.ubuntu.com/server","common_platform_enumeration":"cpe:2.3:o:canonical:ubuntu_linux:*:*:*:*:*:*:*:*","icon":"Ubuntu.svg","categories":["Operating systems"]}],"data":{"size":6151,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-18T11:23:12.520476Z","times_seen":13896243,"resource_available":true,"data":null}},"time_used":80,"timings":{"blocked":26,"dns":1,"connect":27,"send":0,"wait":26,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"4zbse3pi0u.efaaticketsa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"4zbse3pi0u.efaaticketsa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"4zbse3pi0u.efaaticketsa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yellowusheart.net/landings/wlc31/js/vendor.js?id=f23bc11d2441d5b9e86b53d88a5908ea","fqdn":"yellowusheart.net","domain":"yellowusheart.net","tld":"net"},"ip":{"addr":"104.21.65.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://yellowusheart.net/?s1=wkb1\u0026s1=wkb1\u0026s3=en_216:04:05act_KT\u0026s2=mgoldman@slurpmail.net","date":"2026-04-18T09:04:41.461Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yellowusheart.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Mar 2026 20:32:17 GMT","end":"Thu, 25 Jun 2026 21:30:32 GMT"},"fingerprint":{"sha1":"7E:5B:4E:3A:1A:B7:D7:0B:8D:BB:AA:B3:37:F8:F6:06:67:B6:68:7E","sha256":"A3:E9:13:16:75:22:51:59:36:20:73:11:09:EB:05:17:DA:37:0A:36:50:DE:58:FE:7F:E6:FB:AB:B5:01:A3:2C"}}},"request":{"raw":"GET /landings/wlc31/js/vendor.js?id=f23bc11d2441d5b9e86b53d88a5908ea HTTP/1.1\r\nHost: yellowusheart.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yellowusheart.net/?s1=wkb1\u0026s1=wkb1\u0026s3=en_216:04:05act_KT\u0026s2=mgoldman@slurpmail.net\r\nCookie: XSRF-TOKEN=eyJpdiI6IjQ0OVczQyswNlNpenVwY2FsWTFIbVE9PSIsInZhbHVlIjoiSkc4ck90RnRJRGpkT01HeVh3TlA1TjNjUEpVSzJDOTlUVmRvb1ZTUTlxdWxyWnYwUEM4dG1BRjR6NktWalFEbWsrOU5DazlReVByanU2SUVTNS96Z0xwVkZDYUNqR1N5aS9aWTVRTE5FQ0dVM1k3RFZjWGEwaExKNVJLcUhoQlAiLCJtYWMiOiI2YjIyOTNlNDFkZDQ4M2ZhNzlkOGY1MDQ4MTBmM2U0YTY2ODMzNzZkOTdjNDJhYzIzMzgzOGE1NTE2OTliYjkxIn0%3D; laravel_session=eyJpdiI6IlZyUS9pOUR1bXdmQzhsVTA3MGRSNWc9PSIsInZhbHVlIjoiM2lwTzlFUVJtNCtjU25zMkY4SDhBWFFJT0xCcFRGVXRDOHdUdWFEMXYzcXlsaGxFZ1BqdnB2TW1YQUdVUEdocmFUZ0gxUlhCV1lCVUdHZ2JqY25GSllURUxPV1NRTWI2MExuSHNTLzRyVWg5WDdwcng3RW5qeG1NZ1h6eGs3RkEiLCJtYWMiOiJkYmNjZWU4NDRlNzNjMWM5ZDkxM2M0YWY2ZDcwYjc3YmE2OWRlYjEwMWJjNmIzZjA5N2RmODkzYzkwMTRiMWQ4In0%3D; SRVNAME=w2\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 18 Apr 2026 09:04:41 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=hn%2B9fCo%2FmuBkBz7Dvp5qMN5vSwilF%2F%2BjfF30HwUQcffNzGhd2ns7BC9UXQq8B3pmyCB%2F8LL2JFxXcx7nllyh0ct06uZIEczhkskuanHt2B4quNse38jMSif2EyE7mYk06l86NA%3D%3D\"}]}\r\npriority: u=2,i=?0\r\nlast-modified: Thu, 16 Apr 2026 10:51:10 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\netag: W/\"69e0bf1e-1879e\"\r\ncf-ray: 9ee280e31ac923eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":100254,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65534), with no line terminators","md5":"aca5e6c0028f1b4960a0e62d6d24e559","sha1":"4a8d1497f6447254f1e671ee5dda6bd72f562a17","sha256":"364258e1672bcb945d88922135f05c121011adc7539bcc2da9e34bf409d7d032","sha512":"87526b200bde3c28a84e5e9046339f4cc518a53b57317ed9219dd7254c0604445a6e6c2caab7d916165a4bbffb78f3adcc7ea263bc846b62d0ccd58fc3aedc3c","ssdeep":"1536:v8gdiZ8tGTw+U6XMUbxmyBgoCJSLvWrbUSNSDoAzyuDNEVsHdlBGHMuZ+3v2MQ8/:QdZSNSDotgHdZuE3v4JuxQEL","tlshash":"e0a319ddb2c6716347ab70ba00bf550af2365599680d8440f029d8eabc78e4e523bf7d","first_seen":"2025-10-31T14:13:53.047241Z","last_seen":"2026-04-18T11:59:48.385757Z","times_seen":128674,"resource_available":true,"data":null}},"time_used":429,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":348,"receive":81,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"yellowusheart.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"yellowusheart.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yellowusheart.net/landings/wlc31/img/lips.png","fqdn":"yellowusheart.net","domain":"yellowusheart.net","tld":"net"},"ip":{"addr":"104.21.65.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://yellowusheart.net/?s1=wkb1\u0026s1=wkb1\u0026s3=en_216:04:05act_KT\u0026s2=mgoldman@slurpmail.net","date":"2026-04-18T09:04:41.461Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yellowusheart.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Mar 2026 20:32:17 GMT","end":"Thu, 25 Jun 2026 21:30:32 GMT"},"fingerprint":{"sha1":"7E:5B:4E:3A:1A:B7:D7:0B:8D:BB:AA:B3:37:F8:F6:06:67:B6:68:7E","sha256":"A3:E9:13:16:75:22:51:59:36:20:73:11:09:EB:05:17:DA:37:0A:36:50:DE:58:FE:7F:E6:FB:AB:B5:01:A3:2C"}}},"request":{"raw":"GET /landings/wlc31/img/lips.png HTTP/1.1\r\nHost: yellowusheart.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yellowusheart.net/?s1=wkb1\u0026s1=wkb1\u0026s3=en_216:04:05act_KT\u0026s2=mgoldman@slurpmail.net\r\nCookie: XSRF-TOKEN=eyJpdiI6IjQ0OVczQyswNlNpenVwY2FsWTFIbVE9PSIsInZhbHVlIjoiSkc4ck90RnRJRGpkT01HeVh3TlA1TjNjUEpVSzJDOTlUVmRvb1ZTUTlxdWxyWnYwUEM4dG1BRjR6NktWalFEbWsrOU5DazlReVByanU2SUVTNS96Z0xwVkZDYUNqR1N5aS9aWTVRTE5FQ0dVM1k3RFZjWGEwaExKNVJLcUhoQlAiLCJtYWMiOiI2YjIyOTNlNDFkZDQ4M2ZhNzlkOGY1MDQ4MTBmM2U0YTY2ODMzNzZkOTdjNDJhYzIzMzgzOGE1NTE2OTliYjkxIn0%3D; laravel_session=eyJpdiI6IlZyUS9pOUR1bXdmQzhsVTA3MGRSNWc9PSIsInZhbHVlIjoiM2lwTzlFUVJtNCtjU25zMkY4SDhBWFFJT0xCcFRGVXRDOHdUdWFEMXYzcXlsaGxFZ1BqdnB2TW1YQUdVUEdocmFUZ0gxUlhCV1lCVUdHZ2JqY25GSllURUxPV1NRTWI2MExuSHNTLzRyVWg5WDdwcng3RW5qeG1NZ1h6eGs3RkEiLCJtYWMiOiJkYmNjZWU4NDRlNzNjMWM5ZDkxM2M0YWY2ZDcwYjc3YmE2OWRlYjEwMWJjNmIzZjA5N2RmODkzYzkwMTRiMWQ4In0%3D; SRVNAME=w2\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 18 Apr 2026 09:04:41 GMT\r\ncontent-type: image/png\r\ncontent-length: 30923\r\npriority: u=4,i=?0\r\nlast-modified: Thu, 16 Apr 2026 10:51:10 GMT\r\netag: \"69e0bf1e-78cb\"\r\naccept-ranges: bytes\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uBT3g5Uuh82EDMxPcgGY0HIRq3DH948MR0m6FmGx45bp93HF1zgFEJZqHIXkSQ6Ueg58FrvJ83Bl1VjuRERJzEXrqP4L3%2Ba5VAi7F1ep%2B1FemXgltTgsTmzfiIwjsaYGTXHLJw%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9ee280e31aca23eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":30923,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 362 x 231, 8-bit colormap, non-interlaced","md5":"7889392647559c033f44824644fb73bd","sha1":"03f6bf99594977eb8d860364905195943311a10f","sha256":"9daacb457bbef11290b677e8fd2316dc4970b8caa78a69a6e12c8d6ea22d4104","sha512":"dcb7415f616ff57cfa730e258adf561ea29ad4714f36792f4e9284c9cf23c6ed2b9e759de7eb8a4c9042356a04fc368f09cf2598bb9d861fde2874c525f3158c","ssdeep":"768:eMj2+en3fZFiFIOlJYMJQya6XuVZElktL507xSZ6hZ:eMTG3fb9OlJY7zVZElkjTYhZ","tlshash":"f8d2e1f264869343a3a138eec43fd64f7e6564928ea7b899f1cbc2347d1560d620f187","first_seen":"2025-11-01T11:44:43.068717Z","last_seen":"2026-04-18T11:18:45.512798Z","times_seen":1903,"resource_available":false,"data":null}},"time_used":350,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":348,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"yellowusheart.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"yellowusheart.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"4zbse3pi0u.efaaticketsa.com/2lr?s1=wkb1\u0026s3=en_216:04:05act_KT\u0026s2=mgoldman@slurpmail.net","fqdn":"4zbse3pi0u.efaaticketsa.com","domain":"efaaticketsa.com","tld":"com"},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-04-18T09:04:40.637Z","timestamp":0,"http_version":"","security_state":"broken","security_info":null,"request":{"raw":"GET /2lr?s1=wkb1\u0026s3=en_216:04:05act_KT\u0026s2=mgoldman@slurpmail.net HTTP/1.1\r\nHost: 4zbse3pi0u.efaaticketsa.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-18T11:23:12.520476Z","times_seen":13896243,"resource_available":true,"data":null}},"time_used":147,"timings":{"blocked":0,"dns":86,"connect":27,"send":0,"wait":0,"receive":0,"ssl":32},"alerts":{"ids":null,"analyzer":[{"sensor_name":"ultradns","sensor_type":"DNS","title":"DigiCert UltraDNS","description":"DigiCert UltraDNS","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"4zbse3pi0u.efaaticketsa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://vercara.digicert.com/ultra-dns-public","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"4zbse3pi0u.efaaticketsa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"4zbse3pi0u.efaaticketsa.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"yellowusheart.net/scripts/fp.v3.js?id=646d4b3deea4287def3fdfc18906bcc7","fqdn":"yellowusheart.net","domain":"yellowusheart.net","tld":"net"},"ip":{"addr":"104.21.65.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://yellowusheart.net/?s1=wkb1\u0026s1=wkb1\u0026s3=en_216:04:05act_KT\u0026s2=mgoldman@slurpmail.net","date":"2026-04-18T09:04:41.459Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yellowusheart.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Mar 2026 20:32:17 GMT","end":"Thu, 25 Jun 2026 21:30:32 GMT"},"fingerprint":{"sha1":"7E:5B:4E:3A:1A:B7:D7:0B:8D:BB:AA:B3:37:F8:F6:06:67:B6:68:7E","sha256":"A3:E9:13:16:75:22:51:59:36:20:73:11:09:EB:05:17:DA:37:0A:36:50:DE:58:FE:7F:E6:FB:AB:B5:01:A3:2C"}}},"request":{"raw":"GET /scripts/fp.v3.js?id=646d4b3deea4287def3fdfc18906bcc7 HTTP/1.1\r\nHost: yellowusheart.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yellowusheart.net/?s1=wkb1\u0026s1=wkb1\u0026s3=en_216:04:05act_KT\u0026s2=mgoldman@slurpmail.net\r\nCookie: XSRF-TOKEN=eyJpdiI6IjQ0OVczQyswNlNpenVwY2FsWTFIbVE9PSIsInZhbHVlIjoiSkc4ck90RnRJRGpkT01HeVh3TlA1TjNjUEpVSzJDOTlUVmRvb1ZTUTlxdWxyWnYwUEM4dG1BRjR6NktWalFEbWsrOU5DazlReVByanU2SUVTNS96Z0xwVkZDYUNqR1N5aS9aWTVRTE5FQ0dVM1k3RFZjWGEwaExKNVJLcUhoQlAiLCJtYWMiOiI2YjIyOTNlNDFkZDQ4M2ZhNzlkOGY1MDQ4MTBmM2U0YTY2ODMzNzZkOTdjNDJhYzIzMzgzOGE1NTE2OTliYjkxIn0%3D; laravel_session=eyJpdiI6IlZyUS9pOUR1bXdmQzhsVTA3MGRSNWc9PSIsInZhbHVlIjoiM2lwTzlFUVJtNCtjU25zMkY4SDhBWFFJT0xCcFRGVXRDOHdUdWFEMXYzcXlsaGxFZ1BqdnB2TW1YQUdVUEdocmFUZ0gxUlhCV1lCVUdHZ2JqY25GSllURUxPV1NRTWI2MExuSHNTLzRyVWg5WDdwcng3RW5qeG1NZ1h6eGs3RkEiLCJtYWMiOiJkYmNjZWU4NDRlNzNjMWM5ZDkxM2M0YWY2ZDcwYjc3YmE2OWRlYjEwMWJjNmIzZjA5N2RmODkzYzkwMTRiMWQ4In0%3D; SRVNAME=w2\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 18 Apr 2026 09:04:41 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7y%2BOCFsDIOV6tQc7VuD%2BVkQh5IcTW5rNHYaxK5twDR4rxPFwg5kLcgD7q%2Frllw5Y%2FFVOR8mi3Vp8c%2FxiEBY7PEYpdDk%2FJnbnIvhvs10MT6vjUeEPPTnMmS0jimGeplWyGFPqqA%3D%3D\"}]}\r\npriority: u=2,i=?0\r\nlast-modified: Thu, 16 Apr 2026 10:51:10 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nage: 2775\r\ncache-control: max-age=14400\r\ncf-cache-status: HIT\r\netag: W/\"69e0bf1e-9ca8\"\r\ncf-ray: 9ee280e31ac823eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":40104,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (40096)","md5":"1d8ad98fe3471d1a74d485f9b4737bfc","sha1":"a1190f7bb41660f682d59e15c2606279da0792f7","sha256":"9aa12d141f3c41629c83ac95bf3bebab2b33bca7f8f8988bf64b53b57c73714c","sha512":"7fb9f2102417806125bb6cfc40d829f98ca8cb772b9ba847562a19b7e0e6e3e1a3e78ccf464a2409741ee9074d12ca521d305c3ae16ff774e2bb6e3c462dda51","ssdeep":"768:WTW1G6kf2ckxyISuNwxJDJzFE8CYtCgkbAIlIdlIZCwXy:ljvfxyI7N8JDJJEnYsgu3ZRC","tlshash":"be0329d872c7b01e5263697a157fa046ba3abd50750d8c07da3be1c07ca5d4a023bfb9","first_seen":"2023-04-05T13:38:28Z","last_seen":"2026-04-18T11:59:48.417383Z","times_seen":213958,"resource_available":true,"data":null}},"time_used":12,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"yellowusheart.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"yellowusheart.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css2?family=Montserrat:ital,wght@0,100..900;1,100..900\u0026family=Unbounded:wght@200..900\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"172.217.19.234","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://yellowusheart.net/?s1=wkb1\u0026s1=wkb1\u0026s3=en_216:04:05act_KT\u0026s2=mgoldman@slurpmail.net","date":"2026-04-18T09:04:41.692Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"1A:63:7B:F3:04:6F:4C:E4:F3:15:87:E8:E7:FA:DD:B1:F7:7E:89:49","sha256":"5E:36:5D:D1:35:3B:0A:E9:8A:55:91:DC:12:B0:50:4A:AE:D9:A7:97:06:7C:0D:D7:F0:23:3E:8A:B2:08:19:00"}}},"request":{"raw":"GET /css2?family=Montserrat:ital,wght@0,100..900;1,100..900\u0026family=Unbounded:wght@200..900\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yellowusheart.net/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Sat, 18 Apr 2026 09:04:41 GMT\r\ndate: Sat, 18 Apr 2026 09:04:41 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5839,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text","md5":"72ecc6cc0e11e6140e11a1dde0ebd5a9","sha1":"f711dd3d4fb940ff845c5323369ff16d261b1ab4","sha256":"0d1ee37453bbe3e63bb082f18f0d538fc8306fd4185e9df6b237c579d1252c8e","sha512":"7cf08986be803f128d8882fb40ce6bc84eeb288e617383c1cd7589e4a5eb23f4e3a431ee89e43816c90edfa46e64733257184fc4c898322293ad8daebd6e3d4b","ssdeep":"96:AOYg4aYwOYg4agFZOhOYg4a+OYg4a7nJc+udOYg4aeNtOO4aRwOO4aOFZOhOO4aq:AyYwyNFyuy3uySRk73vO6uLVmdX98Ic","tlshash":"3fc1fe910527e504ea431cc523cf7f269e4e62653495c5ba7ffe2c98adeac360325b2c","first_seen":"2025-09-11T17:16:41.908218Z","last_seen":"2026-04-18T11:59:48.409431Z","times_seen":156087,"resource_available":false,"data":null}},"time_used":310,"timings":{"blocked":138,"dns":1,"connect":21,"send":0,"wait":34,"receive":0,"ssl":112},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"yellowusheart.net/landings/wlc31/img/button-arrow.svg","fqdn":"yellowusheart.net","domain":"yellowusheart.net","tld":"net"},"ip":{"addr":"104.21.65.45","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://yellowusheart.net/?s1=wkb1\u0026s1=wkb1\u0026s3=en_216:04:05act_KT\u0026s2=mgoldman@slurpmail.net","date":"2026-04-18T09:04:41.964Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"yellowusheart.net","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 27 Mar 2026 20:32:17 GMT","end":"Thu, 25 Jun 2026 21:30:32 GMT"},"fingerprint":{"sha1":"7E:5B:4E:3A:1A:B7:D7:0B:8D:BB:AA:B3:37:F8:F6:06:67:B6:68:7E","sha256":"A3:E9:13:16:75:22:51:59:36:20:73:11:09:EB:05:17:DA:37:0A:36:50:DE:58:FE:7F:E6:FB:AB:B5:01:A3:2C"}}},"request":{"raw":"GET /landings/wlc31/img/button-arrow.svg HTTP/1.1\r\nHost: yellowusheart.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://yellowusheart.net/landings/wlc31/fonts/vendor.css?id=10f081b2847c3a4586297f39bc143559\r\nCookie: XSRF-TOKEN=eyJpdiI6IjQ0OVczQyswNlNpenVwY2FsWTFIbVE9PSIsInZhbHVlIjoiSkc4ck90RnRJRGpkT01HeVh3TlA1TjNjUEpVSzJDOTlUVmRvb1ZTUTlxdWxyWnYwUEM4dG1BRjR6NktWalFEbWsrOU5DazlReVByanU2SUVTNS96Z0xwVkZDYUNqR1N5aS9aWTVRTE5FQ0dVM1k3RFZjWGEwaExKNVJLcUhoQlAiLCJtYWMiOiI2YjIyOTNlNDFkZDQ4M2ZhNzlkOGY1MDQ4MTBmM2U0YTY2ODMzNzZkOTdjNDJhYzIzMzgzOGE1NTE2OTliYjkxIn0%3D; laravel_session=eyJpdiI6IlZyUS9pOUR1bXdmQzhsVTA3MGRSNWc9PSIsInZhbHVlIjoiM2lwTzlFUVJtNCtjU25zMkY4SDhBWFFJT0xCcFRGVXRDOHdUdWFEMXYzcXlsaGxFZ1BqdnB2TW1YQUdVUEdocmFUZ0gxUlhCV1lCVUdHZ2JqY25GSllURUxPV1NRTWI2MExuSHNTLzRyVWg5WDdwcng3RW5qeG1NZ1h6eGs3RkEiLCJtYWMiOiJkYmNjZWU4NDRlNzNjMWM5ZDkxM2M0YWY2ZDcwYjc3YmE2OWRlYjEwMWJjNmIzZjA5N2RmODkzYzkwMTRiMWQ4In0%3D; SRVNAME=w2\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\nserver: cloudflare\r\ndate: Sat, 18 Apr 2026 09:04:42 GMT\r\ncontent-type: image/svg+xml\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=iOrSqPk7sZR9OI%2Fe8qoAqu3NACU06BZErPTQADm5cqJuMi9XohY3ISt82pmlTFqJp97RuAxWEHCLX%2FNIXTZhDFLbT0Vq46npTJRG%2BP9BzFqHr3kh53Sd0pDhDobVr1dcB4xasQ%3D%3D\"}]}\r\npriority: u=4,i=?0\r\nlast-modified: Thu, 16 Apr 2026 10:51:10 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\netag: W/\"69e0bf1e-212\"\r\ncf-ray: 9ee280e64b6423eb-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":530,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"b28f5090b01cfd9fbbd1323a6ae16736","sha1":"88c896c192f4cb70a030541f71ab9e6ce6adc8a9","sha256":"75f132a2551815754cd822c108f468ddddcc5a4b71ea1088cf4056192ea9be9d","sha512":"4a244edb51afa8e627685e7d6e24009d29d325faf22481310fab9ec266d891b7cadc649b6ab0e2ce3475469914683a17606054e7c0eb76a4d106d920fc11d592","ssdeep":"","tlshash":"32f0c9a863f8da41c0148332930d68f5706a38f8b619cc91f3d03c82b26862e2a652a7","first_seen":"2025-08-05T14:53:42.971919Z","last_seen":"2026-04-18T11:18:45.510869Z","times_seen":2144,"resource_available":false,"data":null}},"time_used":252,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":252,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"yellowusheart.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-04-18","alert":"Sinkholed","trigger":"yellowusheart.net","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/unbounded/v12/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://yellowusheart.net/?s1=wkb1\u0026s1=wkb1\u0026s3=en_216:04:05act_KT\u0026s2=mgoldman@slurpmail.net","date":"2026-04-18T09:04:41.976Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"8B:DF:9C:24:AB:AD:AB:73:3F:51:0F:25:2B:18:76:79:1A:C5:63:A0","sha256":"BF:5C:B4:F2:20:4F:D0:E5:76:81:59:52:5F:3E:D2:4F:8D:33:B3:30:36:84:C8:7E:0E:AB:58:1E:7D:D6:E2:6D"}}},"request":{"raw":"GET /s/unbounded/v12/Yq6W-LOTXCb04q32xlpwu8ZfvRQkSJZH.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://yellowusheart.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 50928\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Fri, 17 Apr 2026 20:18:55 GMT\r\nexpires: Sat, 17 Apr 2027 20:18:55 GMT\r\ncache-control: public, max-age=31536000\r\nage: 45947\r\nlast-modified: Wed, 10 Sep 2025 16:47:59 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":50928,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 50928, version 1.0","md5":"05d155aeb9312622bb55344a904c67a7","sha1":"7179f28585e79eb649070109ff59446ae8cadacf","sha256":"4b69ae920ef9fb5868c8255f5176e799e96d820db11a9e23da7de2ffd2af190b","sha512":"ce6260761e9fbaf82c95fe980b4bacc4dbbc96aecee4e5b70f7f57db488b29f7351c9a047be5a52de94a1e1bf05ffda15b4bd1ea59597d070ceda52ce51641d4","ssdeep":"1536:YavAFuYIsPewmVKgN/gy2DOZfOlgJeQ9nc:YavAcwmVK8x2yZf4gJeQ9c","tlshash":"2733028520f7291fc67232b74f68aaa4347163dea531d18e320970c8e9c665e6e3193a","first_seen":"2025-09-11T17:16:41.899057Z","last_seen":"2026-04-18T11:44:15.070641Z","times_seen":153867,"resource_available":false,"data":null}},"time_used":386,"timings":{"blocked":185,"dns":5,"connect":21,"send":0,"wait":9,"receive":5,"ssl":157},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/montserrat/v31/JTUQjIg1_i6t8kCHKm459WxRyS7m0dJ9pQOi.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"192.178.25.3","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://yellowusheart.net/?s1=wkb1\u0026s1=wkb1\u0026s3=en_216:04:05act_KT\u0026s2=mgoldman@slurpmail.net","date":"2026-04-18T09:04:41.979Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:36:48 GMT","end":"Mon, 22 Jun 2026 08:36:47 GMT"},"fingerprint":{"sha1":"8B:DF:9C:24:AB:AD:AB:73:3F:51:0F:25:2B:18:76:79:1A:C5:63:A0","sha256":"BF:5C:B4:F2:20:4F:D0:E5:76:81:59:52:5F:3E:D2:4F:8D:33:B3:30:36:84:C8:7E:0E:AB:58:1E:7D:D6:E2:6D"}}},"request":{"raw":"GET /s/montserrat/v31/JTUQjIg1_i6t8kCHKm459WxRyS7m0dJ9pQOi.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://yellowusheart.net\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 39580\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Sat, 18 Apr 2026 02:18:41 GMT\r\nexpires: Sun, 18 Apr 2027 02:18:41 GMT\r\ncache-control: public, max-age=31536000\r\nage: 24361\r\nlast-modified: Thu, 04 Sep 2025 17:10:26 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":39580,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 39580, version 1.0","md5":"adbb74ed85ae03bafbc689d12c4b009d","sha1":"7f3b99b45e6d2fcfc6236e972f9eca353cf0d130","sha256":"d7143d0ded43c36b8c4ff4a0df9fba2d356d27f64d38f33d962ec5977f928d31","sha512":"d91511c5a20c5b851b6363603959dc520622c0202e2c39b8bd7cacf95f597bccbfe4595cda9785639dbd216e1a45c980e8e54c94a778165b6d81b83192d57a55","ssdeep":"768:GtZDr7XQiUGTkhuSlVGpCRf0p0lBYtg8PdVc4vtSbga/azp8kAUuzqksy8G:GzP7xyhuSlwpq7R8Ve6UN/ad8kLufsyP","tlshash":"e30301c6940ca5f9dcaa027bfc5e0cfa39654cb89c0a6b9c5f89e7634165cf2425ca4c","first_seen":"2025-09-05T00:54:06.266401Z","last_seen":"2026-04-18T11:52:39.772726Z","times_seen":134854,"resource_available":false,"data":null}},"time_used":331,"timings":{"blocked":156,"dns":0,"connect":21,"send":0,"wait":9,"receive":4,"ssl":137},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/ServiceLogin?continue=https://lh3.google.com/u/0/d/1l0frEmdXyaOzgdSdyzEFLxHRz8nZsme1xNv0ZMbsDI0%3Dw100\u0026hl=en","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"209.85.233.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://yellowusheart.net/?s1=wkb1\u0026s1=wkb1\u0026s3=en_216:04:05act_KT\u0026s2=mgoldman@slurpmail.net","date":"2026-04-18T09:04:42.900Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:37:42 GMT","end":"Mon, 22 Jun 2026 08:37:41 GMT"},"fingerprint":{"sha1":"3C:A0:0E:DF:F7:7D:A8:F7:0A:8D:D1:D6:B0:3D:65:40:6B:80:34:7F","sha256":"2D:AA:65:1F:64:8D:81:EE:38:7B:28:A1:94:5C:B4:DA:16:30:66:D7:0E:A2:40:17:26:64:EF:D0:A9:43:A9:91"}}},"request":{"raw":"GET /ServiceLogin?continue=https://lh3.google.com/u/0/d/1l0frEmdXyaOzgdSdyzEFLxHRz8nZsme1xNv0ZMbsDI0%3Dw100\u0026hl=en HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: application/binary\r\nset-cookie: __Host-GAPS=1:vhXxerXbKSv4x2l8gVdVxPIGAuh7Ig:pOr3qNLccFF07jEk; Expires=Mon, 17-Apr-2028 09:04:43 GMT; Path=/; Secure; HttpOnly; Priority=HIGH\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Sat, 18 Apr 2026 09:04:43 GMT\r\nlocation: https://accounts.google.com/InteractiveLogin?continue=https://lh3.google.com/u/0/d/1l0frEmdXyaOzgdSdyzEFLxHRz8nZsme1xNv0ZMbsDI0%3Dw100\u0026hl=en\u0026dsh=S1057458485:1776503083011373\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncross-origin-resource-policy: cross-origin\r\ncontent-security-policy: require-trusted-types-for 'script';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport, script-src 'nonce-bXpKZnzr0Oxwh9x1kcbxpw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/AccountsSigninPassiveLoginHttp/cspreport;worker-src 'self', script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/AccountsSigninPassiveLoginHttp/cspreport/allowlist\r\ncross-origin-opener-policy: unsafe-none\r\naccept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version\r\npermissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*\r\nserver: ESF\r\ncontent-length: 0\r\nx-xss-protection: 0\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-18T11:23:12.520476Z","times_seen":13896243,"resource_available":true,"data":null}},"time_used":218,"timings":{"blocked":94,"dns":1,"connect":18,"send":0,"wait":29,"receive":0,"ssl":73},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"accounts.google.com/InteractiveLogin?continue=https://lh3.google.com/u/0/d/1l0frEmdXyaOzgdSdyzEFLxHRz8nZsme1xNv0ZMbsDI0%3Dw100\u0026hl=en\u0026dsh=S1057458485:1776503083011373","fqdn":"accounts.google.com","domain":"google.com","tld":"com"},"ip":{"addr":"209.85.233.84","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://yellowusheart.net/?s1=wkb1\u0026s1=wkb1\u0026s3=en_216:04:05act_KT\u0026s2=mgoldman@slurpmail.net","date":"2026-04-18T09:04:43.030Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"accounts.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Mon, 30 Mar 2026 08:37:42 GMT","end":"Mon, 22 Jun 2026 08:37:41 GMT"},"fingerprint":{"sha1":"3C:A0:0E:DF:F7:7D:A8:F7:0A:8D:D1:D6:B0:3D:65:40:6B:80:34:7F","sha256":"2D:AA:65:1F:64:8D:81:EE:38:7B:28:A1:94:5C:B4:DA:16:30:66:D7:0E:A2:40:17:26:64:EF:D0:A9:43:A9:91"}}},"request":{"raw":"GET /InteractiveLogin?continue=https://lh3.google.com/u/0/d/1l0frEmdXyaOzgdSdyzEFLxHRz8nZsme1xNv0ZMbsDI0%3Dw100\u0026hl=en\u0026dsh=S1057458485:1776503083011373 HTTP/1.1\r\nHost: accounts.google.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 302 Found\r\ncontent-type: text/html; charset=UTF-8\r\nset-cookie: __Host-GAPS=1:5UA2oQkFGsWnTVXD7ck3Z57ppz6zww:30S76HyJj0Dma9Zm;Path=/;Expires=Mon, 17-Apr-2028 09:04:43 GMT;Secure;HttpOnly;Priority=HIGH\r\nx-frame-options: DENY\r\ncache-control: no-cache, no-store, max-age=0, must-revalidate\r\npragma: no-cache\r\nexpires: Mon, 01 Jan 1990 00:00:00 GMT\r\ndate: Sat, 18 Apr 2026 09:04:43 GMT\r\nlocation: https://accounts.google.com/v3/signin/identifier?continue=https%3A%2F%2Flh3.google.com%2Fu%2F0%2Fd%2F1l0frEmdXyaOzgdSdyzEFLxHRz8nZsme1xNv0ZMbsDI0%3Dw100\u0026dsh=S1057458485%3A1776503083011373\u0026hl=en\u0026flowName=GlifWebSignIn\u0026flowEntry=ServiceLogin\u0026ifkv=AT1y2_VOhHE5aeAUXVL6e_NdT_xxokr7Ccpbm6Rr7ZZu-gbTFebtDHB7MMerPlWBeVQgYSFu7Xg9\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\ncontent-security-policy: script-src 'nonce-oPXAN_3zpxOYLvj_LvRsVg' 'unsafe-inline' 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /cspreport, require-trusted-types-for 'script';report-uri /cspreport\r\nreport-to: {\"group\":\"coop_gse_qebhlk\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/gse_qebhlk\"}]}\r\ncross-origin-opener-policy-report-only: same-origin; report-to=\"coop_gse_qebhlk\"\r\ncontent-encoding: gzip\r\nx-content-type-options: nosniff\r\nx-xss-protection: 1; mode=block\r\ncontent-length: 428\r\nserver: GSE\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"302","status_text":"Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"OpenGSE","description":"OpenGSE is a test suite used for testing servlet compliance. It is deployed by using WAR files that are deployed on the server engine.","website":"https://code.google.com/p/opengse","common_platform_enumeration":"","icon":"Google.svg","categories":["Web servers"]},{"name":"Java","description":"Java is a class-based, object-oriented programming language that is designed to have as few implementation dependencies as possible.","website":"https://java.com","common_platform_enumeration":"cpe:2.3:a:oracle:jre:*:*:*:*:*:*:*:*","icon":"Java.svg","categories":["Programming languages"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-18T11:23:12.520476Z","times_seen":13896243,"resource_available":true,"data":null}},"time_used":30,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":30,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}