{"report_id":"6eb4bdaa-9659-4682-8805-7ee873210424","version":6,"status":"done","tags":[],"date":"2026-01-05T22:45:43Z","url":{"schema":"http","addr":"pasteflash.sx/VbqILJAi","fqdn":"pasteflash.sx","domain":"pasteflash.sx","tld":"sx"},"ip":{"addr":"185.165.184.2","port":0,"asn":51295,"as":"Tes Euro Media SRL","country":"Romania","country_code":"RO"},"final":{"url":{"schema":"https","addr":"pasteflash.sx/VbqILJAi","fqdn":"pasteflash.sx","domain":"pasteflash.sx","tld":"sx"},"title":"OnlyFans leaks 10 per day – PasteFlash","dom":{"size":67461,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"4528dfc8620b560ee050f01630cdc4a6","sha1":"eb24dc3aebd89e3efee830f0c9a846dc79db74b2","sha256":"a09e1038c9e574427676ce550d0f7356ecd046de1740b35881752a8703d59e10","sha512":"4f733a808c3002775ae5f28764d2a50a15f833bcfdfff7fe951612fa7dd03cd50081a50d2b7b0dc57afce5f002178457701bcf4fe90462e0ca4f48fdb642374a","ssdeep":"1536:uydhksfpRpOitinbObwHuHrFlFpFPFgWEYM0+8n9:TfpRpOitinbObwHuHrFlFpFPFgWEYM0F","tlshash":"de63df5e2de25144d64b8224a7fe6b18271c8483181bfdf9b3e618cd8f45a7c53ea21f","dom_hash":"domhash37fa84df85cae22f54658f4955cb225f","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"pasteflash.sx/VbqILJAi","fqdn":"pasteflash.sx","domain":"pasteflash.sx","tld":"sx"},"ip":{"addr":"185.165.184.2","port":0,"asn":51295,"as":"Tes Euro Media SRL","country":"Romania","country_code":"RO"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-09T22:45:43Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":2,"urlquery":0,"analyzer":21}},"detection":{"ids":[{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-05T22:45:22Z","timestamp":1767653122,"ip_dst":{"addr":"162.159.207.0","port":3478,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"ip_src":{"addr":"172.18.0.28","port":40030,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)","source":"{\"timestamp\":\"2026-01-05T22:45:22.828165+0000\",\"flow_id\":1570421489181445,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.28\",\"src_port\":40030,\"dest_ip\":\"162.159.207.0\",\"dest_port\":3478,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016149,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Request)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":62,\"bytes_toclient\":0,\"start\":\"2026-01-05T22:45:22.828165+0000\"}}"},{"sensor_name":"suricata","title":"Suricata IDS","description":"Suricata /w Emerging Threats Pro","date":"2026-01-05T22:45:22Z","timestamp":1767653122,"ip_dst":{"addr":"172.18.0.28","port":40030,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"162.159.207.0","port":3478,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)","source":"{\"timestamp\":\"2026-01-05T22:45:22.828817+0000\",\"flow_id\":1570421489181445,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"162.159.207.0\",\"src_port\":3478,\"dest_ip\":\"172.18.0.28\",\"dest_port\":40030,\"proto\":\"UDP\",\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2016150,\"rev\":3,\"signature\":\"ET INFO Session Traversal Utilities for NAT (STUN Binding Response)\",\"category\":\"Misc activity\",\"severity\":3,\"metadata\":{\"confidence\":[\"High\"],\"created_at\":[\"2013_01_04\"],\"deployment\":[\"alert_only\",\"Perimeter\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_04_24\"]}},\"app_proto\":\"failed\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":1,\"bytes_toserver\":62,\"bytes_toclient\":74,\"start\":\"2026-01-05T22:45:22.828165+0000\"}}"}],"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"villainindiscreetnewsletter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"acceptableredheadcaviar.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"acceptableredheadcaviar.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"acceptableredheadcaviar.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"acceptableredheadcaviar.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"cx.dornrusky.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"cx.dornrusky.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"cx.dornrusky.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"cx.dornrusky.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null},"summary":[{"fqdn":"protrafficinspector.com","ip":{"addr":"35.156.32.205","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2025-06-18","domain_rank":614186,"first_seen":"2025-07-25T22:45:21.95813Z","last_seen":"2025-12-30T21:57:49.11287Z","alert_count":0,"request_count":2,"received_data":844,"sent_data":884,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.cdn4ads.com","ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"domain_registered":"2020-04-18","domain_rank":441594,"first_seen":"2020-04-19T20:21:04Z","last_seen":"2026-01-05T18:15:32.948506Z","alert_count":0,"request_count":1,"received_data":42469,"sent_data":451,"comment":"","tags":null,"fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2026-01-04T22:17:15.216142Z","alert_count":0,"request_count":1,"received_data":17441,"sent_data":430,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"adsco.re","ip":{"addr":"162.252.214.5","port":443,"asn":53334,"as":"TUT-AS","country":"United States","country_code":"US"},"domain_registered":"2017-02-14","domain_rank":3069,"first_seen":"2017-04-03T03:11:30Z","last_seen":"2025-12-31T07:41:43.098962Z","alert_count":0,"request_count":1,"received_data":1789,"sent_data":446,"comment":"","tags":null,"fingerprints":null},{"fqdn":"sourshaped.com","ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-03","domain_rank":0,"first_seen":"2025-10-06T14:35:38.581947Z","last_seen":"2026-01-03T09:56:38.479224Z","alert_count":27,"request_count":9,"received_data":19252,"sent_data":8146,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}]},{"fqdn":"cdn.show-creative1.com","ip":{"addr":"104.21.15.229","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-08-20","domain_rank":392451,"first_seen":"2024-08-27T12:23:01Z","last_seen":"2026-01-05T11:59:30.493603Z","alert_count":0,"request_count":1,"received_data":2272,"sent_data":478,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"pasteflash.sx","ip":{"addr":"185.165.184.2","port":443,"asn":51295,"as":"Tes Euro Media SRL","country":"Romania","country_code":"RO"},"domain_registered":"unknown","domain_rank":0,"first_seen":"2026-01-03T04:30:15.656512Z","last_seen":"2026-01-03T04:30:15.656512Z","alert_count":0,"request_count":4,"received_data":569233,"sent_data":1926,"comment":"","tags":null,"fingerprints":[{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}]},{"fqdn":"wayfarerorthodox.com","ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-03","domain_rank":0,"first_seen":"2025-08-08T11:06:50.216151Z","last_seen":"2025-12-30T10:54:18.159058Z","alert_count":12,"request_count":4,"received_data":22127,"sent_data":5980,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"4.adsco.re","ip":{"addr":"162.252.214.5","port":443,"asn":53334,"as":"TUT-AS","country":"United States","country_code":"US"},"domain_registered":"2017-02-14","domain_rank":95532,"first_seen":"2021-01-04T16:47:52Z","last_seen":"2026-01-02T14:18:55.851749Z","alert_count":0,"request_count":2,"received_data":1052,"sent_data":853,"comment":"","tags":null,"fingerprints":null},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2026-01-04T22:14:09.841371Z","alert_count":0,"request_count":2,"received_data":81926,"sent_data":1096,"comment":"","tags":null,"fingerprints":null},{"fqdn":"1xgsu731azaj.n4.adsco.re","ip":{"addr":"38.132.109.126","port":443,"asn":9009,"as":"M247 Europe SRL","country":"United States","country_code":"US"},"domain_registered":"2017-02-14","domain_rank":0,"first_seen":"2026-01-05T22:45:45.00642Z","last_seen":"2026-01-05T22:45:45.00642Z","alert_count":0,"request_count":1,"received_data":463,"sent_data":438,"comment":"","tags":null,"fingerprints":null},{"fqdn":"villainindiscreetnewsletter.com","ip":{"addr":"172.240.127.242","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-12-19","domain_rank":0,"first_seen":"2026-01-05T15:40:51.467925Z","last_seen":"2026-01-05T15:40:51.467925Z","alert_count":21,"request_count":21,"received_data":58644,"sent_data":32047,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"creative-sb1.com","ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-07-01","domain_rank":22211,"first_seen":"2025-08-08T09:32:32.509707Z","last_seen":"2025-12-30T08:11:41.528618Z","alert_count":21,"request_count":7,"received_data":249565,"sent_data":3155,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"acceptableredheadcaviar.com","ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-05-12","domain_rank":409736,"first_seen":"2025-05-21T00:06:33.88165Z","last_seen":"2026-01-03T04:30:16.307154Z","alert_count":12,"request_count":3,"received_data":171344,"sent_data":1370,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"1xgsu731azaj.s4.adsco.re","ip":{"addr":"185.200.116.60","port":443,"asn":9009,"as":"M247 Europe SRL","country":"Singapore","country_code":"SG"},"domain_registered":"2017-02-14","domain_rank":0,"first_seen":"2026-01-05T22:45:45.011266Z","last_seen":"2026-01-05T22:45:45.011267Z","alert_count":0,"request_count":1,"received_data":463,"sent_data":438,"comment":"","tags":null,"fingerprints":null},{"fqdn":"preferencenail.com","ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":20606,"first_seen":"2025-07-08T12:55:47.271261Z","last_seen":"2025-12-31T21:55:03.360474Z","alert_count":3,"request_count":1,"received_data":85956,"sent_data":411,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"cx.dornrusky.com","ip":{"addr":"172.241.53.29","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-04-08","domain_rank":6708079,"first_seen":"2025-07-28T06:42:59.614248Z","last_seen":"2025-12-28T01:03:33.019897Z","alert_count":4,"request_count":1,"received_data":1442,"sent_data":421,"comment":"","tags":null,"fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"6.adsco.re","ip":{"addr":"104.16.84.77","port":2087,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2017-02-14","domain_rank":91627,"first_seen":"2018-01-15T04:15:29Z","last_seen":"2026-01-02T15:58:02.609061Z","alert_count":0,"request_count":2,"received_data":1183,"sent_data":853,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"cdn4ads.com","ip":{"addr":"216.59.63.128","port":443,"asn":53334,"as":"TUT-AS","country":"United States","country_code":"US"},"domain_registered":"2020-04-18","domain_rank":44268,"first_seen":"2020-04-19T20:21:04Z","last_seen":"2026-01-05T18:15:32.882373Z","alert_count":0,"request_count":1,"received_data":257,"sent_data":1740,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdn.storageimagedisplay.com","ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"domain_registered":"2024-09-13","domain_rank":170153,"first_seen":"2024-09-13T12:56:32Z","last_seen":"2026-01-05T09:14:03.22878Z","alert_count":0,"request_count":8,"received_data":597022,"sent_data":3947,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"1xgsu731azaj.l4.adsco.re","ip":{"addr":"185.200.118.62","port":443,"asn":9009,"as":"M247 Europe SRL","country":"United Kingdom","country_code":"GB"},"domain_registered":"2017-02-14","domain_rank":0,"first_seen":"2026-01-05T22:45:45.005722Z","last_seen":"2026-01-05T22:45:45.005722Z","alert_count":0,"request_count":1,"received_data":463,"sent_data":438,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"pasteflash.sx/VbqILJAi","fqdn":"pasteflash.sx","domain":"pasteflash.sx","tld":"sx"},"ip":{"addr":"185.165.184.2","port":443,"asn":51295,"as":"Tes Euro Media SRL","country":"Romania","country_code":"RO"},"introduction_type":"scriptElement","is_inline":true,"md5":"31d98b9728cd9a2b5e3a7a204e0bd38c","sha1":"5d2e44a1eaac2015c3889ecd4e1da4d30d572d5e","sha256":"778cb2814df366d0a06a0cdded274581237f58118659704c9e52e28d7d673449","sha512":"c073fcd267b8a4719406a6dfe1223e55aad0e61fae2f9b4f2cea878c3baacfea25b4bd1231fe0bd4b7c9b1454fe87b3f5c1d885d173cf3480840829e47222cbf","ssdeep":"","tlshash":"cab012dbb4a52d3108ab1a5213a786f83154424428891012361cd0490623554157bdb8","size":89,"data":"","first_seen":"2026-01-03T04:30:22.517434Z","last_seen":"2026-04-19T23:05:40.652978Z","times_seen":150,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"villainindiscreetnewsletter.com/53/23/86/5323869a8beda1d7db01e9c875b2f49f.js","fqdn":"villainindiscreetnewsletter.com","domain":"villainindiscreetnewsletter.com","tld":"com"},"ip":{"addr":"172.240.127.242","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"81c010ddfde2faeaf1c598844287df5a","sha1":"cd0fb06af4d1e8878a8c2c8d0311892ef13ff47b","sha256":"44442357bcab05b20364ed17aae2a3ae173b906529612b0e2f7d2217a76e51ab","sha512":"0acadda1dc3bba9f6178ba54356f2aed3dba23fbaf3b53b683fc5dd78eeff47a63ec7815ffbdb1e07041b274646eaa0a71ada2500f181775833f40761fc7cac8","ssdeep":"96:A9+XCx+8Ixmzn2ySej3zqIDNcxE6204l4sNm+E/0NK4Amfnqkk7lDAP2CwU6:A6Cg/S2yPXXWxW04fNPw6K4Amf4DAPA","tlshash":"13d1859c3e80b0a057b26077b97fa019b3696c50657fd80cd012b1a03e7562ad9bbba5","size":6454,"data":"","first_seen":"2025-12-01T12:09:20.892186Z","last_seen":"2026-01-29T12:50:40.978548Z","times_seen":4063,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pasteflash.sx/VbqILJAi","fqdn":"pasteflash.sx","domain":"pasteflash.sx","tld":"sx"},"ip":{"addr":"185.165.184.2","port":443,"asn":51295,"as":"Tes Euro Media SRL","country":"Romania","country_code":"RO"},"introduction_type":"eval","is_inline":false,"md5":"d720eef71edef78b948a643d5712ec07","sha1":"ea5eb334bd6ddb0f04abafb700dc2ecb30070c76","sha256":"2daa1a91b2430e9867296c9cb26d1483785954a9bdd66f79b2c754bab7092cae","sha512":"63368ff1fef849df7f849af23bc2f24698893bd3d58300282427a76665b2d5c94f097d409f93173ad9c36944b4fffc2e37fa03a91f81e4e04f3737f9b73d2d6f","ssdeep":"","tlshash":"5f6000c00000c00c0000ccc3c00300c030000030c0cc3c0003003c3300cf00ccc00033","size":15,"data":"","first_seen":"2023-03-07T01:03:05Z","last_seen":"2026-03-06T11:55:01.51255Z","times_seen":24260,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"javascriptURL","is_inline":false,"md5":"68934a3e9455fa72420237eb05902327","sha1":"7cb6efb98ba5972a9b5090dc2e517fe14d12cb04","sha256":"fcbcf165908dd18a9e49f7ff27810176db8e9f63b4352213741664245224f8aa","sha512":"719fa67eef49c4b2a2b83f0c62bddd88c106aaadb7e21ae057c8802b700e36f81fe3f144812d8b05d66dc663d908b25645e153262cf6d457aa34e684af9e328d","ssdeep":"","tlshash":"aa3000000000000c000000000000000000000000000000000000000030000000000000","size":5,"data":"","first_seen":"2023-03-07T01:02:06Z","last_seen":"2026-04-20T13:27:49.507147Z","times_seen":69009,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pasteflash.sx/VbqILJAi","fqdn":"pasteflash.sx","domain":"pasteflash.sx","tld":"sx"},"ip":{"addr":"185.165.184.2","port":443,"asn":51295,"as":"Tes Euro Media SRL","country":"Romania","country_code":"RO"},"introduction_type":"eval","is_inline":false,"md5":"9aa3dc35f8ba994aa0f04a42c4da5062","sha1":"a65df79b7b70e8b8d22a2db929f6598428a827e0","sha256":"89e4c05e12e12f5bdf85a4fb89bad572dd85256091add09fdb9c6e42e703e2bb","sha512":"72ec1d5aaa34463f798b2d2c5976a6221f70e51ea2afff582319f4c8b7e31f4a67ef2a2d39427b4d1cc89ca66c4d4374db662c1137380ce0aad2acfcdbed4d6c","ssdeep":"","tlshash":"ec7000080000a0308808a002882ca3803c20a820b022a008080823080000a020008e0e","size":24,"data":"","first_seen":"2023-03-07T01:03:04Z","last_seen":"2026-04-19T05:15:08.46926Z","times_seen":23254,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pasteflash.sx/VbqILJAi","fqdn":"pasteflash.sx","domain":"pasteflash.sx","tld":"sx"},"ip":{"addr":"185.165.184.2","port":443,"asn":51295,"as":"Tes Euro Media SRL","country":"Romania","country_code":"RO"},"introduction_type":"scriptElement","is_inline":true,"md5":"53cefba39ba2e64b5ecd9871fe329f4d","sha1":"f8ac43ae691a24265ffc4aec903c9c145da6bfbd","sha256":"54dc099a3048c3b6cb2a367c69755a8f42e9a45dc8115ff9c0d846c8120c44d6","sha512":"0efb2a5261b0a00e9c6e2ef8f9e739b69f3f415b128195aa6ab1079a717ee2d42809dc3900c7db7a02ceeb1470c26a62e535176e5e451a2d9d4eb29603585e9e","ssdeep":"","tlshash":"83d05b5b70662a70dd7b1aa67137dbd0253011007c43c3a5957dd5801de261970573af","size":260,"data":"","first_seen":"2026-01-03T04:30:22.518671Z","last_seen":"2026-04-13T04:20:32.614146Z","times_seen":79,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pasteflash.sx/assets/banner-728.js","fqdn":"pasteflash.sx","domain":"pasteflash.sx","tld":"sx"},"ip":{"addr":"185.165.184.2","port":443,"asn":51295,"as":"Tes Euro Media SRL","country":"Romania","country_code":"RO"},"introduction_type":"scriptElement","is_inline":false,"md5":"10098419982b5f1cda9ed02fc2641dab","sha1":"65527aec10d36770a24d44d3a16e29cf7df6c5df","sha256":"71d4aa0a1aab1fa2bc48abb42fc4cb764a78bc6935e186d4f3952b339998701c","sha512":"5ad351bf1b1f848bc86f4756ca9c2e9ba1dd6e9caf4e18359f35e053538f95462b0d32036c0f8b61397b5d89f638ca4899554dd0380f15c2bbdce408ae0927d2","ssdeep":"","tlshash":"a001686a1e932430d566306e57af66483222c1231601e8027d9cca196fa4d7a9632f99","size":819,"data":"","first_seen":"2026-01-04T23:46:41.736043Z","last_seen":"2026-02-04T03:42:46.433603Z","times_seen":51,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pasteflash.sx/VbqILJAi","fqdn":"pasteflash.sx","domain":"pasteflash.sx","tld":"sx"},"ip":{"addr":"185.165.184.2","port":443,"asn":51295,"as":"Tes Euro Media SRL","country":"Romania","country_code":"RO"},"introduction_type":"eval","is_inline":false,"md5":"fb440b8133f21c3e5d3e39624e7bda94","sha1":"1b46d8568f9bd8a2be944d6a61924a21ec0b6e4f","sha256":"a5e2bc908c3bd3196d273564d073484f9905d13817490eca5aa249e701139cdc","sha512":"f874692932aab2be754d763a3998c5cd3c654a5bcd78c5d839fe0ba506f9a9e563d3cecba0ca71a6b0db35ff94943f6fa8bb0292f10c1aeb7df2704ea6d85fbf","ssdeep":"","tlshash":"047000000000000820200802220322083822223002cc0002220a083022ea00b80282a0","size":20,"data":"","first_seen":"2023-03-07T01:03:05Z","last_seen":"2026-04-19T14:02:47.10287Z","times_seen":24303,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pasteflash.sx/VbqILJAi","fqdn":"pasteflash.sx","domain":"pasteflash.sx","tld":"sx"},"ip":{"addr":"185.165.184.2","port":443,"asn":51295,"as":"Tes Euro Media SRL","country":"Romania","country_code":"RO"},"introduction_type":"scriptElement","is_inline":true,"md5":"62e121930688c130e3f9dd2557b03b54","sha1":"96cafbf2e65a315751e82b5f74cbd63845559dc6","sha256":"bdc8063aba0afa812bb25d08c56c3ab49675f34dd8e20601cf563ad98248850d","sha512":"594ba24c1bd4b222559038a0c8869c2b8c0ae35f8bd66f92ec801af5b6a46db1ddec1f7fd4ec75c512408c4eb6b5138d4b34ebbba4199840e031be68d84ebce6","ssdeep":"","tlshash":"8201680e759635353121c09da7ef91141b7a84073209da18f92dcb446f98835d6b1e9d","size":824,"data":"","first_seen":"2026-01-05T22:45:51.487032Z","last_seen":"2026-02-02T14:03:44.110182Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"19aeb0a9252711ee820903500929390c","sha1":"9bed7986674a75e8d3b865408569bb887231132e","sha256":"5e5f2f1f711f987ec009e12290a7ab87b97bc88d150bd405f52a622305d965a2","sha512":"8a5d361528b685dca61fb7d52f305fd95667b13822f289083f0d15986e94ae09cad530fe95fe1d6a85fe069f5705332a94a4e7ec45a581a1682b954f11287d33","ssdeep":"","tlshash":"62c08c84bf093c117a20341fe30803ccc8c287222aa03a0632cc4020a88602a8a01804","size":145,"data":"","first_seen":"2025-12-19T21:22:08.891644Z","last_seen":"2026-02-04T03:42:46.478775Z","times_seen":51,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"57e7d7691890c154d92cbb0ea7478e59","sha1":"4939d5488d9a23fe820e820984f51216cdd10f2e","sha256":"d34fbd2b54895ea17c4ac993bb42099fc1d6bffa612d70210b1816c9703d3c27","sha512":"e0f01d4a250df575b2a5806f583b1c71873d06477316973ea6028c2f42864cd3e572b781c28a16fef6891f4e177aba386f2a9d9656d56a92f4e463b21d3143db","ssdeep":"96:xa9FSscYozqL60ohTyBm3bjQ7u+eH7k/+OQe/PyXf4uw1jDQr7rNCfMEDaH:U9FSsAzwoh0uHNbkKjovQPhCkCaH","tlshash":"7fa13ba61d966674389360af466f980c0d83e20b2d84fd07f98cdef14f447e44eadc98","size":4983,"data":"","first_seen":"2026-01-05T22:45:51.488332Z","last_seen":"2026-01-05T22:45:51.488332Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6326c600df01e3bfb9b40e1aa08176f8","sha1":"6b4fb754d29b297b539bf62ba9b4eaf0f33f314a","sha256":"df34524351c5fabc921a89183b5da5667aebd7b9e9a1c52255c76ff722935ea3","sha512":"641aaeecb9b89bcc319cabfef18f76faa9b1ba79f9de30c6d07f22d385fc78ac3f11a718fe9ec96f8a13d82e3dff4ca34944ccb449a4ef8e378ad65dfad581c0","ssdeep":"1536:oP10iSi65U/dXXeyhzeBuG+HYE0mdDuJO1z6Oy4sh3J1x72BjmN7TwpDKba98Hri:f+41hJiz6fhdlTqya98Hri","tlshash":"eb83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","size":84384,"data":"","first_seen":"2023-03-07T01:10:11Z","last_seen":"2026-04-20T13:38:49.709004Z","times_seen":10900,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pasteflash.sx/assets/native-ad.js","fqdn":"pasteflash.sx","domain":"pasteflash.sx","tld":"sx"},"ip":{"addr":"185.165.184.2","port":443,"asn":51295,"as":"Tes Euro Media SRL","country":"Romania","country_code":"RO"},"introduction_type":"scriptElement","is_inline":false,"md5":"d05dfa81c786a20fafcceca6f1f211d8","sha1":"4f6da6db2c6767d6a5487552c91b6153d4ff3050","sha256":"7bb33d2dd3964fcac489cacdd9eb0145dd8225da46a788c26e7c553449a779d6","sha512":"106f217cb7752ac7778acdca0890a10f75b07d2809efe7908dd59a1ac4708a3cffdfa3f34b456ddeed7396c10f2e88bc4b6edd07e489ab4e78696819dee7b4fb","ssdeep":"","tlshash":"07218e4a0ea2642d9d5f31aec7efa214269280234507d901bc4dc305afe477e491eeef","size":1199,"data":"","first_seen":"2026-01-04T23:46:41.734424Z","last_seen":"2026-02-04T03:42:46.434592Z","times_seen":51,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pasteflash.sx/VbqILJAi","fqdn":"pasteflash.sx","domain":"pasteflash.sx","tld":"sx"},"ip":{"addr":"185.165.184.2","port":443,"asn":51295,"as":"Tes Euro Media SRL","country":"Romania","country_code":"RO"},"introduction_type":"eval","is_inline":false,"md5":"e969e6981adb7ab1cb174994a5c8c627","sha1":"5f534a259a6f3754d1d392028fd4cbb344fb6563","sha256":"5cb18f9c0eebf644c0bc27e5224177984121b4c4a3f8189861a6d797a15a2e7a","sha512":"10bbe815bb6e4ade10d00a42a82dd10b668e95e275161cb0a637b2ea95785f8f7fc72b31bb48ac9c1dfad03d811912c0683941a3c09357525f164915d5b033cf","ssdeep":"","tlshash":"a380000a88a8a0222a30a0228c020200202e822080ee208083f2032020c283c022b802","size":30,"data":"","first_seen":"2024-02-12T20:00:22Z","last_seen":"2026-03-06T11:55:01.514986Z","times_seen":20053,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pasteflash.sx/VbqILJAi","fqdn":"pasteflash.sx","domain":"pasteflash.sx","tld":"sx"},"ip":{"addr":"185.165.184.2","port":443,"asn":51295,"as":"Tes Euro Media SRL","country":"Romania","country_code":"RO"},"introduction_type":"eval","is_inline":false,"md5":"41310478a380eaf7e07dbad9b4f81a97","sha1":"1714b6ef86e90b5b23e2aaa1e7728ed9c59f4d34","sha256":"848e5342d9196c0f64861ab926a3c5aecce9294750febbd22e5d8df859bdb144","sha512":"7b93f330547524ce01b8f888a8d56c19cd4432fbee43db16aab33fc1aecd77243762c5e7dd5ce767e38c0fdf9d58bc629caf106d77689c1ef90ebeb09406580e","ssdeep":"","tlshash":"d37000000000000b203c00020a023a003003003000880800820808302ae800b802c0a0","size":23,"data":"","first_seen":"2024-02-12T20:00:21Z","last_seen":"2026-03-06T11:55:01.500018Z","times_seen":19951,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"acceptableredheadcaviar.com/e334b1dced9b7de054ba28a632e99804/invoke.js","fqdn":"acceptableredheadcaviar.com","domain":"acceptableredheadcaviar.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"0dd1f87d80fe1151faa7385b6f19d484","sha1":"4753e86234118c178e732a623287a166070d3531","sha256":"ace99e88f256b2314be440144ac33883ae7524c55bfdb1d7a0a8c24915af2c1f","sha512":"6a8fe48612c37c40518440446a63bd9c6ea53466815a79c94fc0d9e9af744ddb3f32b1c605dd53bb0f9f3745550b9a3b3ddee9db44453abcff6190795c3a52da","ssdeep":"768:pL+PQPpOgRDGmXN43uQxjCoMSZR/IuVpPtyw4cLeJEOlhP36jIb3EX:pbRDR6fCoM4R/Zyw4/6jIS","tlshash":"d513d79a7f91b5ac0376b47b043f922ff6399d0260c8c9acd103e8952f9ca4dc539b59","size":43770,"data":"","first_seen":"2026-01-05T22:45:51.458585Z","last_seen":"2026-01-05T22:45:51.458585Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pasteflash.sx/VbqILJAi","fqdn":"pasteflash.sx","domain":"pasteflash.sx","tld":"sx"},"ip":{"addr":"185.165.184.2","port":443,"asn":51295,"as":"Tes Euro Media SRL","country":"Romania","country_code":"RO"},"introduction_type":"eval","is_inline":false,"md5":"aaf72876f0d5e8a677a383fd45bf938b","sha1":"d8b2ca3c238c933223f4a6313c5c0561f99e0c1c","sha256":"15eb7e222abfc64660d0f94c04053839498df20ea9ac9a13a201701a56ce3bf6","sha512":"c6bec20224539a5319a753a794c7521e7063e76b3d41bac8d7f0159880eaf3ed07c3fc1b0eb4ec285f1970f270f4b0ab68890d5a0ed01e3b1542102ad707f6d7","ssdeep":"","tlshash":"207000080820000820200802220322283822323022cc0002220a083022ea00b80282e2","size":24,"data":"","first_seen":"2023-03-07T01:03:03Z","last_seen":"2026-03-06T11:55:01.498128Z","times_seen":23956,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cx.dornrusky.com/th859PM6tTb/133986","fqdn":"cx.dornrusky.com","domain":"dornrusky.com","tld":"com"},"ip":{"addr":"172.241.53.29","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"f7a2939527fd9e68723da600e96d76bd","sha1":"a9e717b6364d2895ee0a716050db32ca0ef1bb42","sha256":"d810f5146f4cd1517512a6e31946e764a73c58fb01427aae88d42cc2ae28718a","sha512":"e6956ec633c76eb3ebc408528f950b81373238cd1d5b9fff5ddd97089ea14a1ff5934f23769bac5d93cc4cdb6a1fbc4ce69baebfb940a55d8a7a89caccaf92b5","ssdeep":"","tlshash":"ec300000003000000000000000000000000c0000000000000000000000000c00000000","size":5,"data":"","first_seen":"2023-03-07T01:14:39Z","last_seen":"2026-04-20T12:12:30.015735Z","times_seen":14003,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"b9e26f98fcad1f73033ea3fc887c8ec6","sha1":"741a0654dd046701ef7ae0f395f1a74e3b339920","sha256":"3f8c938b2d954a6a5cb21d61fd1e57d15918282f9a72ba2d0090c544a0cb91a9","sha512":"6419b737d0327621199279822a687bf21fa9e802b1210bcff8e0efa2c81563addc2b0037e269b0cd9e2456abc57608c56f8bd9579828bfbce6d4efd1c9a13041","ssdeep":"","tlshash":"3c310bbf502526b378da51ef821de66c4e56c6060dd47346fc5f0ea0014c2f89a2f848","size":1786,"data":"","first_seen":"2026-01-05T22:45:51.491064Z","last_seen":"2026-01-05T22:45:51.491064Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pasteflash.sx/VbqILJAi","fqdn":"pasteflash.sx","domain":"pasteflash.sx","tld":"sx"},"ip":{"addr":"185.165.184.2","port":443,"asn":51295,"as":"Tes Euro Media SRL","country":"Romania","country_code":"RO"},"introduction_type":"scriptElement","is_inline":true,"md5":"c0f8c8934b01e7a9f1b33e2ea633d76b","sha1":"8c5d7331a084df57ed2a7d89d62b42a68ae28f80","sha256":"df579aa90e53e535e8941ab3837a57a6b4253061c7edbf71f308cbf609abaf62","sha512":"7b3705b2e2dfe38e6e2b8e792939477afc6c0be599b2aecb33f81d846eae36263c46762ad12f9362d83a8003ba9f987645756013b427c18c0fbe9bf62bbb33f6","ssdeep":"","tlshash":"e0e02b2a98e706384cf67a441079da7934fc78a4aaa3d057525cc87dce39fd54c14aec","size":424,"data":"","first_seen":"2024-08-19T18:47:38.983079Z","last_seen":"2026-04-13T04:20:32.628638Z","times_seen":93,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"eval","is_inline":false,"md5":"104eefdc6b849dce08d25df9f47748c4","sha1":"3ec8b21e8a0e6fff607fe0de459ecb4087a37383","sha256":"6bdfa870bf05b9b4bdc9cdf0492d0471c6198fd4200309de262c481494c77081","sha512":"c5ea8c2d92611b7ccd58b8d7a5036df1537cb57cc713ab81991ffe1cece97d1479a585ff552b3b14d0290367cb39fb2db9b99ef6f90e8431a5b43762d398420f","ssdeep":"","tlshash":"a2310a6523aba67c2d52c1c70d4f5c6401c7be997ec4044986282af659c02e1459dcfb","size":1516,"data":"","first_seen":"2026-01-05T22:45:51.492421Z","last_seen":"2026-01-05T22:45:51.492421Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pasteflash.sx/VbqILJAi","fqdn":"pasteflash.sx","domain":"pasteflash.sx","tld":"sx"},"ip":{"addr":"185.165.184.2","port":443,"asn":51295,"as":"Tes Euro Media SRL","country":"Romania","country_code":"RO"},"introduction_type":"eval","is_inline":false,"md5":"222323d4ccbac6b83d75dbbb35b77d4f","sha1":"22dd6a4aa784e47dd779b50e768065e6db41e404","sha256":"c66ced51cafdeb3a9e3544b0b2e7de4c955a4cd347c4d7b5d74f36923df5a7bd","sha512":"37bf2d097b4059fa3488403536cace1b1a09e4e49c076065857a9842c4d0b68173aa6ffd78eaa86fa4bb9e0a8215d7df085638c19ac5087eb81e78efce0ce88f","ssdeep":"","tlshash":"a76000ccc030000000303033300000c03c03c00cc0c300c00003330300c0030033000c","size":17,"data":"","first_seen":"2023-03-07T01:03:05Z","last_seen":"2026-04-19T05:15:08.484344Z","times_seen":13990,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pasteflash.sx/VbqILJAi","fqdn":"pasteflash.sx","domain":"pasteflash.sx","tld":"sx"},"ip":{"addr":"185.165.184.2","port":443,"asn":51295,"as":"Tes Euro Media SRL","country":"Romania","country_code":"RO"},"introduction_type":"scriptElement","is_inline":true,"md5":"2c084d7a70540c1262a219b2a8cc9fd4","sha1":"eefaa67108d13d8d4e5466f2d1e7045cb1f70af0","sha256":"452b221b134294d7f47d7fd08c8ab2c43735e39fc913e62f5e5391dbb85dd24d","sha512":"d98ea15d0b78fc777b39b0fb88d721a82318fc575e1f25a92495fb6bdace3dae221815d07de5d85c1f6f466952741e6b837503b8e06b31e8fc6fdfecf90e0e55","ssdeep":"","tlshash":"b331bc9826f714e61b3a64b54b87a1a46b3040632407d0d2fe5cf385bfce626c576a8f","size":1671,"data":"","first_seen":"2026-01-03T04:30:22.525327Z","last_seen":"2026-01-20T23:38:12.222414Z","times_seen":24,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pasteflash.sx/VbqILJAi","fqdn":"pasteflash.sx","domain":"pasteflash.sx","tld":"sx"},"ip":{"addr":"185.165.184.2","port":443,"asn":51295,"as":"Tes Euro Media SRL","country":"Romania","country_code":"RO"},"introduction_type":"scriptElement","is_inline":true,"md5":"21ffffeea6192006360fd4c088c1a6a0","sha1":"dd019e365dcdacaf7bf18d31dd7253f0d214ba73","sha256":"f63855049eaac726a398cfe7c8a27aec84e44cb0dc8d0f54ac6ce98ced7820ef","sha512":"fa9986e14f92322cbe49596d6f0c38e7838faa17a2963d6fb1dca1961050599b8828f7c6cb8a5e56c154082958526816a5740f859ff5d4e1a1b167bbe602924e","ssdeep":"","tlshash":"030146282400645626d63478423fdc09b57326a95b12fe6178efd4d16ab1cc72c8b7ce","size":840,"data":"","first_seen":"2026-01-03T04:30:22.527804Z","last_seen":"2026-03-25T13:41:56.736321Z","times_seen":77,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pasteflash.sx/VbqILJAi","fqdn":"pasteflash.sx","domain":"pasteflash.sx","tld":"sx"},"ip":{"addr":"185.165.184.2","port":443,"asn":51295,"as":"Tes Euro Media SRL","country":"Romania","country_code":"RO"},"introduction_type":"eval","is_inline":false,"md5":"d9f9b0f82813d813afe0d450e9fab4d6","sha1":"cb6ce93dd97adc3649f697ff49681f5aaf8b1671","sha256":"d204422e9d49293ab422bfabae9607635876cb30f77215f133603bac691f6f4b","sha512":"849997b396eb218b8bbc788eeb34ec3eb9ab4c809a07ac707a57a5e13baabb69d2c52795403d032f007276109c7f4476daa8255550fa236873e1eb9ba6dba3ba","ssdeep":"","tlshash":"706000c20008802002c200028820a2802832008a20022000c00800000000a0c0222808","size":17,"data":"","first_seen":"2023-03-07T01:03:05Z","last_seen":"2026-04-19T05:15:08.451605Z","times_seen":23637,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn4ads.com/dqyccoyrrlmegyia?LsNfxkEo=BQOCAAAAAAAACZUAAvjtukvDg8qY7SGEpQeOrfSFM9vBMsPU-XCYSjtXcWc2JdcVwqmk3ldObI1SVAm_4O8n2R7yhcHfsWdm4MWBWFFAun_KmZ6DeTpLWtJd38wvcsi-2tFdFR6BaY06TZgwcOX7tJc6Ks6A106uUhc-QOhsLu5NAbCxY4ypRV-uJB6Vuq-UWTjUEMQnvC98rjK_fuLwUiiFgXrztjMbLta7nKUOPtuTpmiotxVMaSY2OdlKsUKuuQpGmRxOkhYNvwExq4oop_9pRWhwWO_59lC1DyE51jBqam_RXyyL6_7UW_CBCikha8uWhDL350e09hV4leerPlQgobatK_lx1eY2m0SonYrn5g478lzMUNRJxTpo_GCPygxqDBF86H_Qx-0ADj-k9Yvnb292I9VdYshV_aJTs9Bipk02ix1_B6kuDG4c2AYzMl42yPLpQoR5f7KN1fDk1BXZkzIgGLcuWYm-zx0Y_SFpk78x6fuZqHA1-YOq3kD4f8avAj41X_s6OIIJxn3Af-WClp389neuZATfjMtydhfM-_MayP2Ky1WK-6meR3WJ1N6pEjZHhkcPv0C5DS6Th1qqmTOvD1WF4-hnKv8QTKmGP5Jrf40aBgmCg8OS8qOSpPxaO_uZ8gMdwHqtRlsltCh-9Y_e9lD6rl8l00UJw0Z1zZmsGmuWlp3kHjJN5IqkpepVn_07QxuRm017LMPuOufecnTvrjb2jk1yRMBShX4yF8REmZlyzEvr3gYbN2AgxAw6lLnJuZF2kSR9dKvkrdbrL9J5YHGApkZcSWQNaKQfDD_4QM66-UlOClDqNv_kT_rMah5pEgrVkmiKXKadtqxpeoZ9uNGoMOopOOivKjCHF_P1x9bv0aRZN7ymIPiEtcmsJAJLMQeSRruFgqnWYeJ-8K0ffB_QBvmtygc9vWyjOSSvlIrdCZ1LcvRJ2h0caNBlLJR0gsZxc6yS6uqUJgP7JVzcCZUpwQKgorjEu4h2B3cuzymP2SnJV1Xelp7v3RvIHGdRXAeW-1dFuXx9r8jOCy4HBLwraxEd8Bh3zPHJETVL6sDS6o_n8WapF0745NJdfESe48oHNP3UuTP8gOu0cIj4vLOE50JgO824SQtMxhNa7fIB3nEf-YoNoDoRWrgH4s_giAFxUQvL4RECrQwAFDgNs0SSbkVXYzeKLCjJUaKG5DJB6IOOWfau\u0026AEoOuHBq=4\u0026UgSaeBLI=5264547\u0026TDYpOnog=\u0026slJHzwNt=0,0\u0026rYxZzpuk=\u0026xmNsKnur=\u0026bPIhtazN=1280,1024,1,1280,1024,0","fqdn":"cdn4ads.com","domain":"cdn4ads.com","tld":"com"},"ip":{"addr":"216.59.63.128","port":443,"asn":53334,"as":"TUT-AS","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"d5f0a25e4d3522d56d48ce7bc3e518fb","sha1":"86794caff58f7fee6e684c2ba7195f970a8d6f4c","sha256":"9d781128a8ece413b003d5612b8398bf9340ef7f5b751d12bd125ba523d3ceb5","sha512":"a3a81801f516a4eb11f00d6f56dab0ed4b8a79219e6b4f5436993479f09dae08f14cffbab3327ff66fb39201d8eba1153ae7114f7705a01cc6f0edf840ef1616","ssdeep":"","tlshash":"789002801814116115d1500b8d5159d01259b1a4540801324446ca502dc7883a415774","size":44,"data":"","first_seen":"2023-03-07T01:17:45Z","last_seen":"2026-04-20T05:40:40.345222Z","times_seen":23469,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pasteflash.sx/VbqILJAi","fqdn":"pasteflash.sx","domain":"pasteflash.sx","tld":"sx"},"ip":{"addr":"185.165.184.2","port":443,"asn":51295,"as":"Tes Euro Media SRL","country":"Romania","country_code":"RO"},"introduction_type":"eval","is_inline":false,"md5":"b7d8a1a33a77fcd0328d3c709c5a9eb3","sha1":"e8ea90d66488aae87f231079141b02b04cc26f05","sha256":"3f06772f212125287a824492bf133d5fc6ef851b8478c081406f650716869cde","sha512":"b92d0879e95318270c892770db71380d6f66efbeb8e4c9a8155e82b09e66a0a90844a4d0e38ede9b6bd536d8926ab4359e3bcc5266594f04136fa66295bbc9c1","ssdeep":"","tlshash":"f37000082080000200200002020222003202203080c82002a2000a3020ea08b8020080","size":20,"data":"","first_seen":"2023-03-07T16:36:56Z","last_seen":"2026-03-06T11:55:01.489296Z","times_seen":4296,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.cdn4ads.com/ljquery.jsonp.min.css","fqdn":"www.cdn4ads.com","domain":"cdn4ads.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"introduction_type":"scriptElement","is_inline":false,"md5":"8dec5a628accef41958e35732c981ec8","sha1":"8525d015ecc3aa9fbed456d22a037556866633e3","sha256":"cdc470ed30f784d93ca7e174c61791fb8ad4f37dc8c1caae0c9342a39454a4b6","sha512":"3622efea19a633caa099cdb23b3e8b401222aa27c987a405a6161e8caf382e310457f11961855dfe3bce9dd87d05fdbaacd4f702937ced9e43246e9e81400579","ssdeep":"768:bt9rqAYKK2ZzFQ9JsQU+YDngZGihfzmMzhYrTsAysncCWcf5k5sigCbbLCntlqod:bb9ZzFQ9JsTgZvfzmMzhYrTscpEZw","tlshash":"8b1329aab286282601e742b9503eb317b23305167912d458fcb9cdf96e3dd86117b7fc","size":41922,"data":"","first_seen":"2026-01-03T04:30:22.51299Z","last_seen":"2026-01-06T04:09:54.072211Z","times_seen":4,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"64f5eda2358946e570db8ad1e9c37701","sha1":"c37b901ba0233909bb8d1eaec85037e0095a7bf0","sha256":"77576d06528b8c546acbde1c2525796e729469c951205c58a0c4cfa1095be3e0","sha512":"07050b1c27881686097c02cbb2727f3f1b54e97e76f207accfb7776b74893512afdb5bacfb434f3945cefd6957e5dc7e7fc17704effa13e518b5bb37b7915eba","ssdeep":"192:6lJQLiEWiFiacrcYmen1VuOTlmGFF3bH/fA68IDeIToJ:6lWLiEWiFiHn1VuexjrHnAym","tlshash":"1f22540819b9d521c44da02e207e3256f72409639d7abfd8bbc941045fde95f7ab813f","size":10330,"data":"","first_seen":"2026-01-05T22:45:51.496055Z","last_seen":"2026-01-11T16:07:03.793137Z","times_seen":5,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pasteflash.sx/VbqILJAi","fqdn":"pasteflash.sx","domain":"pasteflash.sx","tld":"sx"},"ip":{"addr":"185.165.184.2","port":443,"asn":51295,"as":"Tes Euro Media SRL","country":"Romania","country_code":"RO"},"introduction_type":"eval","is_inline":false,"md5":"79e362235e366729632e60d6d35f8904","sha1":"69df1a1691b05442e11e2bc5825fc6297b977a92","sha256":"da82a56eb8524f5d12a2afcf2c5d0cb6184f26995167212a0ccb3bc2ba0def36","sha512":"94ca14ccb12238f547249a07134689257dd97639be34d7f466f52741df7176be982d88c5d294dd42a534a32d908533b5eaae33a13cb47ce0cf065d3098d9383d","ssdeep":"","tlshash":"fe60000000000c30000303000c30c3cc3c3f000030033030030c00000c00c003300c00","size":15,"data":"","first_seen":"2023-03-07T01:03:04Z","last_seen":"2026-04-19T14:02:47.114434Z","times_seen":23603,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85379,"data":"","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-04-20T13:56:30.600351Z","times_seen":14443,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"acceptableredheadcaviar.com/745b95ffd64b1a4535afda140744beec/invoke.js","fqdn":"acceptableredheadcaviar.com","domain":"acceptableredheadcaviar.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"ba34b1316b140708ec05abeb429f7d15","sha1":"959deb0bcf43c11965a7facf331e796495728a85","sha256":"5692642d47f606b66a092b605cfdc22adc1556017d40f0337aeb44378a604711","sha512":"29ef50c540f50f3e40eb70e3d7ebccf7ad19ee1ac79a1fb5e36003b7f4ad8c125282d05e0305dcac6e27797642b12bfb068fb9d09f747bbdc29420070564acc5","ssdeep":"768:dB2Ef/5+sNKlKMHLQTwkf0R6sYeLvLoK12G6FYc0CnVr:dB2E5+aMHLQTwkf0bLDLoK12tFYNOF","tlshash":"9c23fa5dbf92f006165f70b7372fa106b11a8c19680cd89cfa07fda46d68f05e837aa4","size":46248,"data":"","first_seen":"2026-01-04T23:46:41.715526Z","last_seen":"2026-01-05T22:45:51.45277Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pasteflash.sx/VbqILJAi","fqdn":"pasteflash.sx","domain":"pasteflash.sx","tld":"sx"},"ip":{"addr":"185.165.184.2","port":443,"asn":51295,"as":"Tes Euro Media SRL","country":"Romania","country_code":"RO"},"introduction_type":"scriptElement","is_inline":true,"md5":"269ce9310b238d95c6e561f1d2ab051a","sha1":"56589d31c2f4ce156a9555822668a02fd09dd29e","sha256":"f63ba0ff5c0c5bf85e8d991758f74bb41c603eb8ca34bf2ea8306261ee69e8fb","sha512":"ad299afea3228d67e73dda01924e14fd09ac8c2e371bbe5a4e21f4a46523835ebbc043f403c12eaccd1cc9754aeada581a1b458b4d9f2c97263a1b79da44e70b","ssdeep":"","tlshash":"44d0a72d0eb661a5e2a69598107d5204656260245153d3195caec908ae51e951909c98","size":224,"data":"","first_seen":"2026-01-05T22:45:51.497226Z","last_seen":"2026-01-06T04:09:54.109269Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/1b/50/e5/1b50e57a5911fd0a5b46962ab48ca22b.js","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"81c010ddfde2faeaf1c598844287df5a","sha1":"cd0fb06af4d1e8878a8c2c8d0311892ef13ff47b","sha256":"44442357bcab05b20364ed17aae2a3ae173b906529612b0e2f7d2217a76e51ab","sha512":"0acadda1dc3bba9f6178ba54356f2aed3dba23fbaf3b53b683fc5dd78eeff47a63ec7815ffbdb1e07041b274646eaa0a71ada2500f181775833f40761fc7cac8","ssdeep":"96:A9+XCx+8Ixmzn2ySej3zqIDNcxE6204l4sNm+E/0NK4Amfnqkk7lDAP2CwU6:A6Cg/S2yPXXWxW04fNPw6K4Amf4DAPA","tlshash":"13d1859c3e80b0a057b26077b97fa019b3696c50657fd80cd012b1a03e7562ad9bbba5","size":6454,"data":"","first_seen":"2025-12-01T12:09:20.892186Z","last_seen":"2026-01-29T12:50:40.978548Z","times_seen":4063,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"acceptableredheadcaviar.com/da/29/34/da2934874d70693de1e2b10730abaed3.js","fqdn":"acceptableredheadcaviar.com","domain":"acceptableredheadcaviar.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"f4292648827930002bef8d611f062295","sha1":"cf6498c9e2278193a0c322c4b5cdcbb0c353db8d","sha256":"6a567c5a5f58ce99cf62967d17828be7ad9d2a2c6fb08ff907b42f1ae0d7ba68","sha512":"8c89389d8466af4afc727acf51b416af78e2b62f3321946bacbd408ed604316c2f53320a09a172324a30d6998bce713c4a830d26e8942585acec9748cf83c334","ssdeep":"1536:H9yUBg8XFOUGaAVTesz3WArOwlNyBv77NzxpQ2jFFwTOjIr:H3B91clpUhxpJwEIr","tlshash":"e77309487f82b15b5352a073627fd047f0256f1261ecd498d123e6a86f6c33af636b98","size":78767,"data":"","first_seen":"2026-01-05T22:45:51.457224Z","last_seen":"2026-01-28T05:11:51.059386Z","times_seen":10,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pasteflash.sx/VbqILJAi","fqdn":"pasteflash.sx","domain":"pasteflash.sx","tld":"sx"},"ip":{"addr":"185.165.184.2","port":443,"asn":51295,"as":"Tes Euro Media SRL","country":"Romania","country_code":"RO"},"introduction_type":"eval","is_inline":false,"md5":"882fb4ec13c370e872df9e4587a98eb6","sha1":"4d41871cdc577c45b141134b16c0eab1b9b720e9","sha256":"791b28f4c489619d78906b8af22fbc11b48c0576134d36470ef92468e47da29c","sha512":"fd2b137155d24d0f76d501103374922d61c5e7947cd4091a694f219281d6feb561114a865de81fab1209ea62f69c35b21f3fb67fee3277be040e04985905bfa0","ssdeep":"","tlshash":"f470000808bb00a28228332f000020020aa2c20288020c8c000202000a08a280320038","size":25,"data":"","first_seen":"2023-03-07T01:03:04Z","last_seen":"2026-04-19T05:15:08.507096Z","times_seen":14045,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/1e/e3/36/1ee3363d3f6736b5616821dca2afa5c7.js","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"81c010ddfde2faeaf1c598844287df5a","sha1":"cd0fb06af4d1e8878a8c2c8d0311892ef13ff47b","sha256":"44442357bcab05b20364ed17aae2a3ae173b906529612b0e2f7d2217a76e51ab","sha512":"0acadda1dc3bba9f6178ba54356f2aed3dba23fbaf3b53b683fc5dd78eeff47a63ec7815ffbdb1e07041b274646eaa0a71ada2500f181775833f40761fc7cac8","ssdeep":"96:A9+XCx+8Ixmzn2ySej3zqIDNcxE6204l4sNm+E/0NK4Amfnqkk7lDAP2CwU6:A6Cg/S2yPXXWxW04fNPw6K4Amf4DAPA","tlshash":"13d1859c3e80b0a057b26077b97fa019b3696c50657fd80cd012b1a03e7562ad9bbba5","size":6454,"data":"","first_seen":"2025-12-01T12:09:20.892186Z","last_seen":"2026-01-29T12:50:40.978548Z","times_seen":4063,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pasteflash.sx/VbqILJAi","fqdn":"pasteflash.sx","domain":"pasteflash.sx","tld":"sx"},"ip":{"addr":"185.165.184.2","port":443,"asn":51295,"as":"Tes Euro Media SRL","country":"Romania","country_code":"RO"},"introduction_type":"eval","is_inline":false,"md5":"9213772222622192fc04ffe77aa92277","sha1":"2b7db24ac1b2337b2f671fb4fefaac45822015b2","sha256":"6b612f597a0ed972ce30182713c197e510528ac68ff1711b560641d5f47afefa","sha512":"bea56d6a08fd6a31aa2bd3b6333919c1210f4651fdb4ec976d418440a9e9d46fe5a0c7650a73876dac665cb0367b295368579cc6bf057fe23d6ad43524a6d731","ssdeep":"","tlshash":"c9700088c2382000002038322000008028228008808200c00002220200800300320088","size":20,"data":"","first_seen":"2023-03-07T01:03:04Z","last_seen":"2026-04-19T05:15:08.463017Z","times_seen":14546,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"1xgsu731azaj.n4.adsco.re/","fqdn":"1xgsu731azaj.n4.adsco.re","domain":"adsco.re","tld":"re"},"ip":{"addr":"38.132.109.126","port":443,"asn":9009,"as":"M247 Europe SRL","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:21.762Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.n4.adsco.re","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 13 Nov 2025 09:14:20 GMT","end":"Wed, 11 Feb 2026 09:14:19 GMT"},"fingerprint":{"sha1":"FB:34:12:01:B6:D1:B3:BD:9C:64:10:4B:29:6B:C7:44:FD:21:82:69","sha256":"D8:BD:52:A0:9E:11:2A:7E:51:D4:43:1D:9D:F7:F0:66:68:70:DF:0B:20:4A:38:60:4C:B5:37:82:2C:42:01:6B"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 1xgsu731azaj.n4.adsco.re\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pasteflash.sx\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 05 Jan 2026 22:45:22 GMT\r\ncontent-type: text/html\r\ncontent-length: 0\r\nlast-modified: Fri, 16 Jun 2023 08:37:42 GMT\r\netag: \"648c1f56-0\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range\r\naccess-control-expose-headers: Content-Length,Content-Range\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":905,"timings":{"blocked":403,"dns":129,"connect":104,"send":0,"wait":88,"receive":0,"ssl":177},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"villainindiscreetnewsletter.com/impr.gif?sid=H4sIAAAAAAAC_4RTz4scRRuumYTvkO8gGvE8qAcVme2e7t2dNofoGiPBmMQkkkMMUl1VPVNOTVdbVT09mVM0EIKnxZN6seeZya7RRRTPapjoQQJC5uQeshfxDwhCboL07MDqyRf6_fU0xfO89daNcb5HAuR099ybeiSVoiurTa_x3CWZcl3YxpmLDd9rescal2S6Fh5rDCtnBi_5Qdj0nm-8LlhPr7Q83_N8z2-clEYkeriyQCGznchvRl4zbDX91RBD8-_a5nVYWgcf7JEnIPn8sd-Ty5BshrT_zQlhe05nL77WzxV12mDAt99Oe6kuUvQP0sTUkKTby7-h7ZyQT-rQ6fZSAfRgWilALOek_tQDxOn2kibiwa19prGCSBHz_6MYzCDUDJLOwPR1SH6fAIzjzFmk_a0z2hT06j5KK3RODj_6E7KYk8MPnkTa_3pDyWHjgla5kzq1GCYl5HAG2Zkhy2dwoxpkcRfMfQjJfyUrj04j7U_PWqUheblQL5MZqK0hrz5ZQ57UkGc19PluI_TaIfNpsJZEnK17IQ1DLmIvarc8j0ZsHTn7AJJvgpkbW3nKbBiN_Z383Uy12l7krXnR2N99NlWCiSAIY58zwaN4nQtvNYxpq03XgpaIorYX3r68GoV-4PtXtjLedb3B1JlcTKszx_4X-60wWjSRmWvoyU2Y_A5st4TldVg3J7W3rmHASxSCoLAEBSUoJEHhCIpBeYsr27LlFlc2j_1lbC1jUE6064zpLe06IiWgZhOGl1OZvW-vg7lDk1Fi-URXjsaunNCYl-NsjzxeXUttp3yIntht_JdMWFlC2vpi4iM5Jxee2UMm77_8F2J6F1bdBZNPg-Y-aFGCdkuM0u-6zmU2o9aJRFHbbTLdB9clMncY7mptrPbI0cn5ixt3Fity5befIdg9sjQwUyIzJd6TPxF01M3JeV2Q6XldWPLt2czJvhzRan0uOOrE_758Q1wttOGnTtjN26-wCqjSnYvCutM05TLtWPLVhuRcmJPaMEG-P2UvifhcbrsbuUnz7PS5V0-e6mdGWCt1OgOVc3Lk4Udgck6O_vD54mmsvvAHWHYNNjvgaTVBnNWgJIESB30al7D_qOODfGxvomPqoO460n6JgSkxUCWo2oTNj0xcZu4d_-XTyj5DrOqTWJn6NFZGfbyYU-V-hJW7jSQQLeZ57fU1P2gnwg9CzpLVdhjxNeoFgYCzc_nO8UN_BwAA__9iHF_LwgQAAA==","fqdn":"villainindiscreetnewsletter.com","domain":"villainindiscreetnewsletter.com","tld":"com"},"ip":{"addr":"172.240.127.242","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:23.406Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"villainindiscreetnewsletter.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:13:20 GMT","end":"Thu, 19 Mar 2026 08:13:19 GMT"},"fingerprint":{"sha1":"D5:23:91:2A:01:76:E9:21:D6:E1:A0:D0:D7:3C:60:84:45:1F:92:79","sha256":"B3:C9:9E:18:21:46:C6:95:3C:51:EF:26:D3:F2:52:23:93:17:07:3F:2A:7D:CA:59:E6:68:6A:72:9C:F2:0D:AB"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_4RTz4scRRuumYTvkO8gGvE8qAcVme2e7t2dNofoGiPBmMQkkkMMUl1VPVNOTVdbVT09mVM0EIKnxZN6seeZya7RRRTPapjoQQJC5uQeshfxDwhCboL07MDqyRf6_fU0xfO89daNcb5HAuR099ybeiSVoiurTa_x3CWZcl3YxpmLDd9rescal2S6Fh5rDCtnBi_5Qdj0nm-8LlhPr7Q83_N8z2-clEYkeriyQCGznchvRl4zbDX91RBD8-_a5nVYWgcf7JEnIPn8sd-Ty5BshrT_zQlhe05nL77WzxV12mDAt99Oe6kuUvQP0sTUkKTby7-h7ZyQT-rQ6fZSAfRgWilALOek_tQDxOn2kibiwa19prGCSBHz_6MYzCDUDJLOwPR1SH6fAIzjzFmk_a0z2hT06j5KK3RODj_6E7KYk8MPnkTa_3pDyWHjgla5kzq1GCYl5HAG2Zkhy2dwoxpkcRfMfQjJfyUrj04j7U_PWqUheblQL5MZqK0hrz5ZQ57UkGc19PluI_TaIfNpsJZEnK17IQ1DLmIvarc8j0ZsHTn7AJJvgpkbW3nKbBiN_Z383Uy12l7krXnR2N99NlWCiSAIY58zwaN4nQtvNYxpq03XgpaIorYX3r68GoV-4PtXtjLedb3B1JlcTKszx_4X-60wWjSRmWvoyU2Y_A5st4TldVg3J7W3rmHASxSCoLAEBSUoJEHhCIpBeYsr27LlFlc2j_1lbC1jUE6064zpLe06IiWgZhOGl1OZvW-vg7lDk1Fi-URXjsaunNCYl-NsjzxeXUttp3yIntht_JdMWFlC2vpi4iM5Jxee2UMm77_8F2J6F1bdBZNPg-Y-aFGCdkuM0u-6zmU2o9aJRFHbbTLdB9clMncY7mptrPbI0cn5ixt3Fity5befIdg9sjQwUyIzJd6TPxF01M3JeV2Q6XldWPLt2czJvhzRan0uOOrE_758Q1wttOGnTtjN26-wCqjSnYvCutM05TLtWPLVhuRcmJPaMEG-P2UvifhcbrsbuUnz7PS5V0-e6mdGWCt1OgOVc3Lk4Udgck6O_vD54mmsvvAHWHYNNjvgaTVBnNWgJIESB30al7D_qOODfGxvomPqoO460n6JgSkxUCWo2oTNj0xcZu4d_-XTyj5DrOqTWJn6NFZGfbyYU-V-hJW7jSQQLeZ57fU1P2gnwg9CzpLVdhjxNeoFgYCzc_nO8UN_BwAA__9iHF_LwgQAAA== HTTP/1.1\r\nHost: villainindiscreetnewsletter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nCookie: pdhtkv=true; uncs=2; pdhtkv49=true; uncs49=2; u_pl28090609=1; nlece334b1dced9b7de054ba28a632e99804=[5941311]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:23 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: villainindiscreetnewsletter.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 26bb6a5e88e28a83c35a03e65ba96e75\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":247,"timings":{"blocked":152,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"villainindiscreetnewsletter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn4ads.com/dqyccoyrrlmegyia?LsNfxkEo=BQOCAAAAAAAACZUAAvjtukvDg8qY7SGEpQeOrfSFM9vBMsPU-XCYSjtXcWc2JdcVwqmk3ldObI1SVAm_4O8n2R7yhcHfsWdm4MWBWFFAun_KmZ6DeTpLWtJd38wvcsi-2tFdFR6BaY06TZgwcOX7tJc6Ks6A106uUhc-QOhsLu5NAbCxY4ypRV-uJB6Vuq-UWTjUEMQnvC98rjK_fuLwUiiFgXrztjMbLta7nKUOPtuTpmiotxVMaSY2OdlKsUKuuQpGmRxOkhYNvwExq4oop_9pRWhwWO_59lC1DyE51jBqam_RXyyL6_7UW_CBCikha8uWhDL350e09hV4leerPlQgobatK_lx1eY2m0SonYrn5g478lzMUNRJxTpo_GCPygxqDBF86H_Qx-0ADj-k9Yvnb292I9VdYshV_aJTs9Bipk02ix1_B6kuDG4c2AYzMl42yPLpQoR5f7KN1fDk1BXZkzIgGLcuWYm-zx0Y_SFpk78x6fuZqHA1-YOq3kD4f8avAj41X_s6OIIJxn3Af-WClp389neuZATfjMtydhfM-_MayP2Ky1WK-6meR3WJ1N6pEjZHhkcPv0C5DS6Th1qqmTOvD1WF4-hnKv8QTKmGP5Jrf40aBgmCg8OS8qOSpPxaO_uZ8gMdwHqtRlsltCh-9Y_e9lD6rl8l00UJw0Z1zZmsGmuWlp3kHjJN5IqkpepVn_07QxuRm017LMPuOufecnTvrjb2jk1yRMBShX4yF8REmZlyzEvr3gYbN2AgxAw6lLnJuZF2kSR9dKvkrdbrL9J5YHGApkZcSWQNaKQfDD_4QM66-UlOClDqNv_kT_rMah5pEgrVkmiKXKadtqxpeoZ9uNGoMOopOOivKjCHF_P1x9bv0aRZN7ymIPiEtcmsJAJLMQeSRruFgqnWYeJ-8K0ffB_QBvmtygc9vWyjOSSvlIrdCZ1LcvRJ2h0caNBlLJR0gsZxc6yS6uqUJgP7JVzcCZUpwQKgorjEu4h2B3cuzymP2SnJV1Xelp7v3RvIHGdRXAeW-1dFuXx9r8jOCy4HBLwraxEd8Bh3zPHJETVL6sDS6o_n8WapF0745NJdfESe48oHNP3UuTP8gOu0cIj4vLOE50JgO824SQtMxhNa7fIB3nEf-YoNoDoRWrgH4s_giAFxUQvL4RECrQwAFDgNs0SSbkVXYzeKLCjJUaKG5DJB6IOOWfau\u0026AEoOuHBq=4\u0026UgSaeBLI=5264547\u0026TDYpOnog=\u0026slJHzwNt=0,0\u0026rYxZzpuk=\u0026xmNsKnur=\u0026bPIhtazN=1280,1024,1,1280,1024,0","fqdn":"cdn4ads.com","domain":"cdn4ads.com","tld":"com"},"ip":{"addr":"216.59.63.128","port":443,"asn":53334,"as":"TUT-AS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:23.543Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"cdn4ads.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Fri, 04 Apr 2025 00:00:00 GMT","end":"Tue, 05 May 2026 23:59:59 GMT"},"fingerprint":{"sha1":"92:E8:5F:67:E6:26:22:D5:AD:B6:B6:67:7C:38:20:45:99:C6:B1:7F","sha256":"7B:DB:ED:86:83:B7:92:84:B5:0C:52:DE:81:DC:EB:28:C6:80:A9:EC:C7:FA:B5:BB:A7:55:6E:17:99:E5:84:B6"}}},"request":{"raw":"GET /dqyccoyrrlmegyia?LsNfxkEo=BQOCAAAAAAAACZUAAvjtukvDg8qY7SGEpQeOrfSFM9vBMsPU-XCYSjtXcWc2JdcVwqmk3ldObI1SVAm_4O8n2R7yhcHfsWdm4MWBWFFAun_KmZ6DeTpLWtJd38wvcsi-2tFdFR6BaY06TZgwcOX7tJc6Ks6A106uUhc-QOhsLu5NAbCxY4ypRV-uJB6Vuq-UWTjUEMQnvC98rjK_fuLwUiiFgXrztjMbLta7nKUOPtuTpmiotxVMaSY2OdlKsUKuuQpGmRxOkhYNvwExq4oop_9pRWhwWO_59lC1DyE51jBqam_RXyyL6_7UW_CBCikha8uWhDL350e09hV4leerPlQgobatK_lx1eY2m0SonYrn5g478lzMUNRJxTpo_GCPygxqDBF86H_Qx-0ADj-k9Yvnb292I9VdYshV_aJTs9Bipk02ix1_B6kuDG4c2AYzMl42yPLpQoR5f7KN1fDk1BXZkzIgGLcuWYm-zx0Y_SFpk78x6fuZqHA1-YOq3kD4f8avAj41X_s6OIIJxn3Af-WClp389neuZATfjMtydhfM-_MayP2Ky1WK-6meR3WJ1N6pEjZHhkcPv0C5DS6Th1qqmTOvD1WF4-hnKv8QTKmGP5Jrf40aBgmCg8OS8qOSpPxaO_uZ8gMdwHqtRlsltCh-9Y_e9lD6rl8l00UJw0Z1zZmsGmuWlp3kHjJN5IqkpepVn_07QxuRm017LMPuOufecnTvrjb2jk1yRMBShX4yF8REmZlyzEvr3gYbN2AgxAw6lLnJuZF2kSR9dKvkrdbrL9J5YHGApkZcSWQNaKQfDD_4QM66-UlOClDqNv_kT_rMah5pEgrVkmiKXKadtqxpeoZ9uNGoMOopOOivKjCHF_P1x9bv0aRZN7ymIPiEtcmsJAJLMQeSRruFgqnWYeJ-8K0ffB_QBvmtygc9vWyjOSSvlIrdCZ1LcvRJ2h0caNBlLJR0gsZxc6yS6uqUJgP7JVzcCZUpwQKgorjEu4h2B3cuzymP2SnJV1Xelp7v3RvIHGdRXAeW-1dFuXx9r8jOCy4HBLwraxEd8Bh3zPHJETVL6sDS6o_n8WapF0745NJdfESe48oHNP3UuTP8gOu0cIj4vLOE50JgO824SQtMxhNa7fIB3nEf-YoNoDoRWrgH4s_giAFxUQvL4RECrQwAFDgNs0SSbkVXYzeKLCjJUaKG5DJB6IOOWfau\u0026AEoOuHBq=4\u0026UgSaeBLI=5264547\u0026TDYpOnog=\u0026slJHzwNt=0,0\u0026rYxZzpuk=\u0026xmNsKnur=\u0026bPIhtazN=1280,1024,1,1280,1024,0 HTTP/1.1\r\nHost: cdn4ads.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\npopads-node: wb5\r\naccess-control-allow-origin: *\r\nasf: 9\r\npopads-ec: ASB\r\ncontent-type: text/javascript;charset=UTF-8\r\ncontent-length: 44\r\ndate: Mon, 05 Jan 2026 22:45:23 GMT\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":44,"size_decoded":0,"mime_type":"text/javascript; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"d5f0a25e4d3522d56d48ce7bc3e518fb","sha1":"86794caff58f7fee6e684c2ba7195f970a8d6f4c","sha256":"9d781128a8ece413b003d5612b8398bf9340ef7f5b751d12bd125ba523d3ceb5","sha512":"a3a81801f516a4eb11f00d6f56dab0ed4b8a79219e6b4f5436993479f09dae08f14cffbab3327ff66fb39201d8eba1153ae7114f7705a01cc6f0edf840ef1616","ssdeep":"","tlshash":"789002801814116115d1500b8d5159d01259b1a4540801324446ca502dc7883a415774","first_seen":"2023-03-07T01:17:45Z","last_seen":"2026-04-20T05:40:40.345222Z","times_seen":23469,"resource_available":true,"data":null}},"time_used":777,"timings":{"blocked":330,"dns":1,"connect":93,"send":0,"wait":116,"receive":0,"ssl":235},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/1e/e3/36/1ee3363d3f6736b5616821dca2afa5c7.js","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:30.355Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Dec 2025 00:11:03 GMT","end":"Sun, 29 Mar 2026 00:11:02 GMT"},"fingerprint":{"sha1":"93:86:61:9F:2D:73:66:D5:37:73:1C:FE:70:C8:9F:23:B1:C8:8A:D6","sha256":"9D:5E:D7:81:B8:B1:D7:5F:1F:E3:92:85:57:6C:B5:66:34:D6:DE:4F:AA:6C:8B:E9:92:36:D1:CC:BF:CC:45:D3"}}},"request":{"raw":"GET /1e/e3/36/1ee3363d3f6736b5616821dca2afa5c7.js HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:30 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3403\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 52b103a426f57c139012f2583729aea4\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":6454,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6454), with no line terminators","md5":"81c010ddfde2faeaf1c598844287df5a","sha1":"cd0fb06af4d1e8878a8c2c8d0311892ef13ff47b","sha256":"44442357bcab05b20364ed17aae2a3ae173b906529612b0e2f7d2217a76e51ab","sha512":"0acadda1dc3bba9f6178ba54356f2aed3dba23fbaf3b53b683fc5dd78eeff47a63ec7815ffbdb1e07041b274646eaa0a71ada2500f181775833f40761fc7cac8","ssdeep":"96:A9+XCx+8Ixmzn2ySej3zqIDNcxE6204l4sNm+E/0NK4Amfnqkk7lDAP2CwU6:A6Cg/S2yPXXWxW04fNPw6K4Amf4DAPA","tlshash":"13d1859c3e80b0a057b26077b97fa019b3696c50657fd80cd012b1a03e7562ad9bbba5","first_seen":"2025-12-01T12:09:20.892186Z","last_seen":"2026-01-29T12:50:40.978548Z","times_seen":4063,"resource_available":true,"data":null}},"time_used":669,"timings":{"blocked":286,"dns":1,"connect":92,"send":0,"wait":96,"receive":1,"ssl":190},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.show-creative1.com/sb/interstitial/utility/robot/3/index.html","fqdn":"cdn.show-creative1.com","domain":"show-creative1.com","tld":"com"},"ip":{"addr":"104.21.15.229","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:31.181Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"show-creative1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 05 Dec 2025 21:44:28 GMT","end":"Thu, 05 Mar 2026 22:42:58 GMT"},"fingerprint":{"sha1":"32:E8:D3:D8:57:3D:77:06:14:B5:AE:66:6B:E6:23:35:25:11:2C:25","sha256":"65:65:A6:2D:1D:7A:E9:EF:3F:02:AB:E8:2B:83:22:39:7B:1B:99:BB:3D:AE:E4:D2:5F:AB:C5:32:3B:21:23:C3"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/index.html HTTP/1.1\r\nHost: cdn.show-creative1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pasteflash.sx\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 05 Jan 2026 22:45:31 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:55:55 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=KGSX5arU%2B0VgWfI60zKXJ3FHgmbcI%2BQ6%2F5mtHin7spvfdT900RA9B6iKcAM31geN6ARenumf8lfvEZ8eCh9EEuvlKW85zQJO7pbDsRKbAqNF81vn\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9b9681a61a1756b5-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":1524,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"9dc0a25dabbe4de856fe02152e69ab75","sha1":"d8a184a181424a51a758b262927e6c0aba7b2b15","sha256":"8c71a26417b0ad5884462cf96135d8aaf1012b9ead37bdf5b505e51dcfd3d173","sha512":"c28042db79a340dea9f66b3c4ed465fa38ea7b152549cd518ee00415109f70eb28602dee1fd4ca9b8ce4810354fe7fc7bfa1ec271cb8cfbe59c2efc58a0de182","ssdeep":"","tlshash":"a231495529fccb26118361e63f702f7ba984e943895b8440b2bd4a908be7ec5cd5720b","first_seen":"2025-09-21T13:47:45.272345Z","last_seen":"2026-04-16T12:24:04.626511Z","times_seen":1765,"resource_available":false,"data":null}},"time_used":544,"timings":{"blocked":39,"dns":22,"connect":1,"send":0,"wait":463,"receive":0,"ssl":16},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/css/style.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:31.756Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 25 Dec 2025 22:26:15 GMT","end":"Wed, 25 Mar 2026 23:23:44 GMT"},"fingerprint":{"sha1":"05:E7:A3:19:D2:55:91:F8:B7:45:48:72:0B:86:C7:0C:2C:CA:27:03","sha256":"14:76:91:36:84:B6:CF:C4:0A:BA:6F:14:80:F9:C7:77:48:3B:08:A3:C8:48:DC:0F:F6:CE:86:72:BB:CC:0B:06"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/css/style.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pasteflash.sx\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 05 Jan 2026 22:45:32 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 13:25:46 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"68b9935a-18f3\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=8oBJLmWAxzJ3ajs469JGv1SHxhwI0jIZsvpViNh2XAeAiTkeYU3XePpXwA6vl149rulMsFY8UNcnBQSqHoGyIW8PWmecMfI6RRP4Dqjrw%2F4%3D\"}]}\r\ncf-ray: 9b9681a99cba4c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6387,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"20b72d2b5d691275f5e1f201c54208eb","sha1":"a8082db410892a8b50274eeb812fe58c04e5e407","sha256":"476950bbfeccfbd5ad93c5ad69d5192e62e9eb9e3e03dfc2447c98c7bb5634e6","sha512":"5702a11b753960144f8debcbbff5ad272f00543b6b8bd71a440fb28945bf4d81bd75cc1a08fa531e10efe8aa8dbcb6305dc882e12b8854ccb6f88b62dbeb934d","ssdeep":"96:1zlzMUmWCfICX6zXXgCfUKOtAYiY5mnM0pfiUpznL4OHBCHL+OCBhEkuCo1cCJ0v:LMZnincKOyXnMsIM0M9X4U4H4vFEa","tlshash":"ebd130a617650204740bd8563d126f17a3688053ef0fd9b86ed2244cceca6ce56f378f","first_seen":"2025-09-21T13:47:45.281723Z","last_seen":"2026-04-16T12:24:04.592408Z","times_seen":1688,"resource_available":false,"data":null}},"time_used":508,"timings":{"blocked":22,"dns":1,"connect":1,"send":0,"wait":463,"receive":0,"ssl":18},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pasteflash.sx/VbqILJAi","fqdn":"pasteflash.sx","domain":"pasteflash.sx","tld":"sx"},"ip":{"addr":"185.165.184.2","port":443,"asn":51295,"as":"Tes Euro Media SRL","country":"Romania","country_code":"RO"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2026-01-05T22:45:20.754Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pasteflash.sx","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 26 Dec 2025 15:35:39 GMT","end":"Thu, 26 Mar 2026 15:35:38 GMT"},"fingerprint":{"sha1":"EA:61:C1:89:B4:4A:4D:AA:44:91:00:20:BF:CB:5F:E8:F7:62:CF:0B","sha256":"F6:6F:DD:F8:A4:12:D3:AF:DB:74:B1:C4:4C:B0:67:9A:5F:63:0C:A0:C1:45:94:4E:3F:BB:73:06:81:E3:3C:7F"}}},"request":{"raw":"GET /VbqILJAi HTTP/1.1\r\nHost: pasteflash.sx\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nset-cookie: PHPSESSID=qr4cht3450qrn8l0pcmf68r46j; expires=Wed, 04 Feb 2026 22:45:20 GMT; Max-Age=2592000; path=/; secure; HttpOnly; SameSite=Lax\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ndate: Mon, 05 Jan 2026 22:45:20 GMT\r\nx-frame-options: DENY\r\ncontent-security-policy: frame-ancestors 'none';\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]}],"data":{"size":17110,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (810)","md5":"da40d6a736a2f11b468abbf1d489601f","sha1":"0327d2e985aaa198d6b7788ae4524cdd8b8cb67f","sha256":"ba9c911977b83aa7a4d68395e51db19032e5c9b178b41333e1f069a45aede248","sha512":"e7c22e28861ac7c1f9df9bb5b6970de44ae965257af1d1eab7d4517c63a33f6445ed1e23c1d2dcc68fb3f25e31cbfb29163a368844b88f9581c19283f9848bce","ssdeep":"384:6uu4q6plhj6tJQeeexoaXaXy3hZag40TWXct4k:04vplhkOeeP6aXy3hZag4cWMuk","tlshash":"d472e6e29af214256563c0d515b3e74827788007d11be6587bfca29cdfc9bd2e913b8c","first_seen":"2026-01-05T22:45:51.44809Z","last_seen":"2026-01-05T22:45:51.44809Z","times_seen":1,"resource_available":false,"data":null}},"time_used":333,"timings":{"blocked":141,"dns":36,"connect":45,"send":0,"wait":50,"receive":0,"ssl":57},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"35.156.32.205","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:22.707Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"traffinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"11:9F:BE:35:27:7B:7B:85:C9:B3:FF:0E:CA:F6:0D:13:B0:A9:A0:BB","sha256":"81:A4:38:32:0D:BC:66:C8:7B:6D:08:BC:93:91:76:73:A2:BD:D0:53:3C:BF:2F:FD:B8:87:00:C6:EC:3B:6C:77"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pasteflash.sx\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 05 Jan 2026 22:45:22 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://pasteflash.sx\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=4f0a19ff-1e1b-44c4-af83-e77a9bb6ec2a:3:1; expires=Thu, 03 Jan 2036 22:45:22 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"d0fd5bf56f341ad6309011d5602645b6","sha1":"67f58621febb41b2232266f2606771632fe92d32","sha256":"041c19d0bd48fd3514b3b3ff5fa0bce6e6516689c0247e7a73f147687f5cce36","sha512":"97f9c4af9ca2a530b84e88e2b12bfad56a038236c4c8c1c242a36a0dac432b8b4e81a538a14f5ac166124ab3ea4d87d7b0e3a7f70ce2aedf222d524b9926f52c","ssdeep":"","tlshash":"7d90041440110c14f105d10d0434cd13cd0543030534f571000d4c3105c4c73c7d5771","first_seen":"2026-01-05T22:45:51.448924Z","last_seen":"2026-01-05T22:45:51.448924Z","times_seen":1,"resource_available":false,"data":null}},"time_used":564,"timings":{"blocked":271,"dns":23,"connect":21,"send":0,"wait":21,"receive":0,"ssl":225},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"villainindiscreetnewsletter.com/ntv.json?key=e334b1dced9b7de054ba28a632e99804\u0026vstc=2\u0026rb=","fqdn":"villainindiscreetnewsletter.com","domain":"villainindiscreetnewsletter.com","tld":"com"},"ip":{"addr":"172.240.127.242","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:22.721Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"villainindiscreetnewsletter.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:13:20 GMT","end":"Thu, 19 Mar 2026 08:13:19 GMT"},"fingerprint":{"sha1":"D5:23:91:2A:01:76:E9:21:D6:E1:A0:D0:D7:3C:60:84:45:1F:92:79","sha256":"B3:C9:9E:18:21:46:C6:95:3C:51:EF:26:D3:F2:52:23:93:17:07:3F:2A:7D:CA:59:E6:68:6A:72:9C:F2:0D:AB"}}},"request":{"raw":"GET /ntv.json?key=e334b1dced9b7de054ba28a632e99804\u0026vstc=2\u0026rb= HTTP/1.1\r\nHost: villainindiscreetnewsletter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pasteflash.sx\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:23 GMT\r\nContent-Type: application/json\r\nContent-Length: 5937\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://pasteflash.sx\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: pdhtkv=true; expires=Tue, 06 Jan 2026 22:45:23 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Tue, 06 Jan 2026 22:45:23 GMT; path=/; secure; SameSite=None\npdhtkv49=true; expires=Tue, 06 Jan 2026 22:45:23 GMT; path=/; secure; SameSite=None\nuncs49=1; expires=Tue, 06 Jan 2026 22:45:23 GMT; path=/; secure; SameSite=None\nu_pl28090609=1; expires=Tue, 06 Jan 2026 22:45:23 GMT; path=/; secure; SameSite=None\nnlece334b1dced9b7de054ba28a632e99804=[5941311]; expires=Mon, 05 Jan 2026 22:45:28 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 28\r\nHost: villainindiscreetnewsletter.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: b8c187967719d8dd49b88645b0789199\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":7728,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"2f9c926a4e7999a356fac713920eeb37","sha1":"ecc4f384e45e585a4fa1cb926a8e6213d4c766ab","sha256":"cb05c0bdb111b063c527331172338482dfe2cf8c33d0e8a128eeda19d86b87b3","sha512":"afb577a2148a2b8501456b9b95c627416a57aae96d901a2e0faf078547b7bfe991b58ab4481d210f5159bc29fbc1f6e70d7531937857f6b53e7ec02302c5b6f7","ssdeep":"192:gChLE/Wpoypxv8usu3yL+3kq1WhTg36HUFrsGl8:gcGW6ypB8usuC90Fgz","tlshash":"6af19f3b1829552a0a73f8b94e8bacea1d02094b56cc9dc7e5fe46a0df264c35d5d072","first_seen":"2026-01-05T22:45:51.449809Z","last_seen":"2026-01-05T22:45:51.449809Z","times_seen":1,"resource_available":false,"data":null}},"time_used":709,"timings":{"blocked":292,"dns":12,"connect":94,"send":0,"wait":123,"receive":0,"ssl":185},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"villainindiscreetnewsletter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/ren.gif?sid=H4sIAAAAAAAC_1SSv28cRRTHZ20XiBQIsOiQToEiCHzevd37saRwMMbBwtjGNrJQKJjdmT0P3ttZdmZvz1cZLKGUpqOgWH_PjkWIAig1IjrTWULyQuMiVlD-ARBROiR055OivOK9N_qMNO_7ffP1fnpObKT0bOVD2RVhSKerZbN0ZUNETGaqtLRessyyebW0IaKac7XUGaSk_bZlO2XzjdJ17m_J6YppmaZlWqV5kfBAdqaHFCK-41pl1yw7lbJVddBJnj2r1ICiBlj7nLwEwYoXHgU3IPw-otZPc1xtaRm_9V4rDamWCdrs6ONoK5JZhNbTNkgMBNHR6DakKgj5dgwyOhopgGwfDBTAEwUZe-UBvOhoNCa89uHFpF4IHsFjl5C1--BhH4L24ctdCHZKAJ9haRlR69aSTDK6fUHpgBZk4sm_EFlBJh5MImrdnQ1Fp7Qmw1QLGSl0ghyi04do9hGnx9BdAyI7hq-_gmC_k-kni4haB8sqlBDs7HUnMKnlBsGUxS1vynF8Z4oGDXuK1-vU9bwa9yt0aJEI-qBqHKkykAoDaWAgjQ202FnJMRuOb1G7FrjMr5sOdRzGPdNtVEyTun4dqf8lBNuDn-wgTnawJfaQpPehNnMoNgalC2J8tI02y5FxgkwRZJQgEwSZJsja-SELVUXlt1ioUs8a1cqo2nlP6uY-PZS6ySMCmuwhYfmBiL9Qu_D1eK8bKNaTg0Q9nfeox_L9-Jy8OLDU-PFxBVv8rMRoxbWdRt1hdbPm2oxbvOJZZt02qUc5s6FEDqHGQJWBrijI2mvniMXptf_g0WOo8Bi-uAyavgqa5aCbObrRvU2tYxVTpXkQUrVZ9mULTOaI9QT0trEfnpOXe6vrs_eH6_1s7jK4f3LtucnuX9fvTsJPcsRJjs_FbwTN8GZvVWbkYFVmivy8HGvREl06WP2apppP3P6Ab2cyYQtzau_7d_wBGLR31rnSizRiImoq8sOsYIwn8zLxOfllQW1wbyVVm7NpEqXx4sq78wutOOFKCRn1QUVBnv_uTfiiIJNXZobfuvr4Ifx4Byo-mXlkDwNKEnixgVAU5P0bDxHyk5nTT-79WfxzG9TLofhTTR4_-fVvMox9dRPNxADVu4haOdpJjnaYg4Z7UOl4T8fJycwfoze80Oh5YWIceGESfnPhlRJnpWrFs2uNRo0HNRbYzK7YzK2a3HWoW3NcpwqtCvHpzKX_AwAA__9lQGxzfQQAAA==","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:31.178Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Dec 2025 00:11:03 GMT","end":"Sun, 29 Mar 2026 00:11:02 GMT"},"fingerprint":{"sha1":"93:86:61:9F:2D:73:66:D5:37:73:1C:FE:70:C8:9F:23:B1:C8:8A:D6","sha256":"9D:5E:D7:81:B8:B1:D7:5F:1F:E3:92:85:57:6C:B5:66:34:D6:DE:4F:AA:6C:8B:E9:92:36:D1:CC:BF:CC:45:D3"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1SSv28cRRTHZ20XiBQIsOiQToEiCHzevd37saRwMMbBwtjGNrJQKJjdmT0P3ttZdmZvz1cZLKGUpqOgWH_PjkWIAig1IjrTWULyQuMiVlD-ARBROiR055OivOK9N_qMNO_7ffP1fnpObKT0bOVD2RVhSKerZbN0ZUNETGaqtLRessyyebW0IaKac7XUGaSk_bZlO2XzjdJ17m_J6YppmaZlWqV5kfBAdqaHFCK-41pl1yw7lbJVddBJnj2r1ICiBlj7nLwEwYoXHgU3IPw-otZPc1xtaRm_9V4rDamWCdrs6ONoK5JZhNbTNkgMBNHR6DakKgj5dgwyOhopgGwfDBTAEwUZe-UBvOhoNCa89uHFpF4IHsFjl5C1--BhH4L24ctdCHZKAJ9haRlR69aSTDK6fUHpgBZk4sm_EFlBJh5MImrdnQ1Fp7Qmw1QLGSl0ghyi04do9hGnx9BdAyI7hq-_gmC_k-kni4haB8sqlBDs7HUnMKnlBsGUxS1vynF8Z4oGDXuK1-vU9bwa9yt0aJEI-qBqHKkykAoDaWAgjQ202FnJMRuOb1G7FrjMr5sOdRzGPdNtVEyTun4dqf8lBNuDn-wgTnawJfaQpPehNnMoNgalC2J8tI02y5FxgkwRZJQgEwSZJsja-SELVUXlt1ioUs8a1cqo2nlP6uY-PZS6ySMCmuwhYfmBiL9Qu_D1eK8bKNaTg0Q9nfeox_L9-Jy8OLDU-PFxBVv8rMRoxbWdRt1hdbPm2oxbvOJZZt02qUc5s6FEDqHGQJWBrijI2mvniMXptf_g0WOo8Bi-uAyavgqa5aCbObrRvU2tYxVTpXkQUrVZ9mULTOaI9QT0trEfnpOXe6vrs_eH6_1s7jK4f3LtucnuX9fvTsJPcsRJjs_FbwTN8GZvVWbkYFVmivy8HGvREl06WP2apppP3P6Ab2cyYQtzau_7d_wBGLR31rnSizRiImoq8sOsYIwn8zLxOfllQW1wbyVVm7NpEqXx4sq78wutOOFKCRn1QUVBnv_uTfiiIJNXZobfuvr4Ifx4Byo-mXlkDwNKEnixgVAU5P0bDxHyk5nTT-79WfxzG9TLofhTTR4_-fVvMox9dRPNxADVu4haOdpJjnaYg4Z7UOl4T8fJycwfoze80Oh5YWIceGESfnPhlRJnpWrFs2uNRo0HNRbYzK7YzK2a3HWoW3NcpwqtCvHpzKX_AwAA__9lQGxzfQQAAA== HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nCookie: uid_id2=4f0a19ff-1e1b-44c4-af83-e77a9bb6ec2a:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl28308530=1; slecda2934874d70693de1e2b10730abaed3=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:31 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: f0b334c17bb1831978f089b74df2468e\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":94,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":94,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-creative1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Findex.html\u0026l=1524\u0026fd=510","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:31.737Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Dec 2025 00:11:03 GMT","end":"Sun, 29 Mar 2026 00:11:02 GMT"},"fingerprint":{"sha1":"93:86:61:9F:2D:73:66:D5:37:73:1C:FE:70:C8:9F:23:B1:C8:8A:D6","sha256":"9D:5E:D7:81:B8:B1:D7:5F:1F:E3:92:85:57:6C:B5:66:34:D6:DE:4F:AA:6C:8B:E9:92:36:D1:CC:BF:CC:45:D3"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-creative1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Findex.html\u0026l=1524\u0026fd=510 HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nCookie: uid_id2=4f0a19ff-1e1b-44c4-af83-e77a9bb6ec2a:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl28308530=1; slecda2934874d70693de1e2b10730abaed3=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:31 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"villainindiscreetnewsletter.com/ren.gif?sid=H4sIAAAAAAAC_4RTz4scRRuumYTvkO8gGvE8qAcVme2e7plMm0N0jZFgTGISySEGqe6qnimnpqutqp6endPqQgieFk_qxZ5nZneNLqJ4VQmzIkhAyJxcMHvxLwhCboL07MDqyRf6_dFP8fI8b711a5wdEA8Z3b_8phoJKelKs-7UnrsuEqZyU7t4reY6ded07bpIWv7p2rB0evCS6_l15_na6zzqqZWG4zqO67i1c0LzWA1XFihEuhu49cCp-4262_Qx1P-uTVaFoVWwwQF5AoLNH_sjvgERzZD0vznLTc-q9MXX-pmkVmkM2M7bSS9ReYL-URrrCuJkZ3kayswJ-aQKlewsFUANpqUChGJOqk89QJjsLGkiHGwdMg0leIKQ_R_5YAYuZxB0hkhtQLD7BIgYLl5C0t--qHRO1w5RWqJzcvzRnxD5nBx_8CSS_terUgxrV5XMrFCJwTAuIIYziM4MaTaDHVUg8j1E9kMI9itZeXQBSX96yUgFwYqFehHPQE0FWfmJCrK4giytoM_2a77T9iOXeq04YNEpx6e-z3joBO2G49AgOoUs-gCCbSLSt75IWdf2Bn4wtTrj21kSGT8Yu7vZu6lstJ3AaTnB2N1_NpE84p7nhy6LOAvCU4w7TT-kjTZteQ0eBG3Hv3OjGfiu57o3tw-7LnpOy55jF6leR09sQmd3YboFDKvC2DmpvLWOASuQc4LcEOSUIBcEuSXIB8UWk6Zhim0mTRa6y9hYRq-YKNsZ0y1lOzwhoHoTmhVTkb5vNhDZY5NRbNhElY6GtpjQkBXj9IA8Xl5LZbd4iB7fr_2XMBhRQJjqYuIjMSdXnzlAKu6__BdCugcj9xCJp0EzFzQvQLsFRsl3XWtTk1JjeSyp6dYj1QdTBVJ7HHatMpYH5OTkyrXVu4sVufnb9-DRPbI0RLpAqgu8J34i6MjbkysqJ9MrKjfk20upFX0xouX6XLXU8v99-QZfy5Vm58-azTuvRCVQprvXuLEXaMJE0jHkq1XBGNfnlI44-eG8uc7Dy5nprmY6ydILl189d76fam6MUMkMVMzJiYcfIRJzcvLHzxdPo_nC74jSdZj0iKdRBGFagRQEkh_9p2EB8486PMrH5jY6ugpqN5D0Cwx0gYEsQOUmTHZiYlN978wvn5b2GUJZnYRSV6eh1PLjxZxK9zOM2K81G6HXardbPG6x2GNew2NB0-GBT4OWH_hNWDMX75w59ncAAAD__872Si3CBAAA","fqdn":"villainindiscreetnewsletter.com","domain":"villainindiscreetnewsletter.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:23.303Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"villainindiscreetnewsletter.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:13:20 GMT","end":"Thu, 19 Mar 2026 08:13:19 GMT"},"fingerprint":{"sha1":"D5:23:91:2A:01:76:E9:21:D6:E1:A0:D0:D7:3C:60:84:45:1F:92:79","sha256":"B3:C9:9E:18:21:46:C6:95:3C:51:EF:26:D3:F2:52:23:93:17:07:3F:2A:7D:CA:59:E6:68:6A:72:9C:F2:0D:AB"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_4RTz4scRRuumYTvkO8gGvE8qAcVme2e7plMm0N0jZFgTGISySEGqe6qnimnpqutqp6endPqQgieFk_qxZ5nZneNLqJ4VQmzIkhAyJxcMHvxLwhCboL07MDqyRf6_dFP8fI8b711a5wdEA8Z3b_8phoJKelKs-7UnrsuEqZyU7t4reY6ded07bpIWv7p2rB0evCS6_l15_na6zzqqZWG4zqO67i1c0LzWA1XFihEuhu49cCp-4262_Qx1P-uTVaFoVWwwQF5AoLNH_sjvgERzZD0vznLTc-q9MXX-pmkVmkM2M7bSS9ReYL-URrrCuJkZ3kayswJ-aQKlewsFUANpqUChGJOqk89QJjsLGkiHGwdMg0leIKQ_R_5YAYuZxB0hkhtQLD7BIgYLl5C0t--qHRO1w5RWqJzcvzRnxD5nBx_8CSS_terUgxrV5XMrFCJwTAuIIYziM4MaTaDHVUg8j1E9kMI9itZeXQBSX96yUgFwYqFehHPQE0FWfmJCrK4giytoM_2a77T9iOXeq04YNEpx6e-z3joBO2G49AgOoUs-gCCbSLSt75IWdf2Bn4wtTrj21kSGT8Yu7vZu6lstJ3AaTnB2N1_NpE84p7nhy6LOAvCU4w7TT-kjTZteQ0eBG3Hv3OjGfiu57o3tw-7LnpOy55jF6leR09sQmd3YboFDKvC2DmpvLWOASuQc4LcEOSUIBcEuSXIB8UWk6Zhim0mTRa6y9hYRq-YKNsZ0y1lOzwhoHoTmhVTkb5vNhDZY5NRbNhElY6GtpjQkBXj9IA8Xl5LZbd4iB7fr_2XMBhRQJjqYuIjMSdXnzlAKu6__BdCugcj9xCJp0EzFzQvQLsFRsl3XWtTk1JjeSyp6dYj1QdTBVJ7HHatMpYH5OTkyrXVu4sVufnb9-DRPbI0RLpAqgu8J34i6MjbkysqJ9MrKjfk20upFX0xouX6XLXU8v99-QZfy5Vm58-azTuvRCVQprvXuLEXaMJE0jHkq1XBGNfnlI44-eG8uc7Dy5nprmY6ydILl189d76fam6MUMkMVMzJiYcfIRJzcvLHzxdPo_nC74jSdZj0iKdRBGFagRQEkh_9p2EB8486PMrH5jY6ugpqN5D0Cwx0gYEsQOUmTHZiYlN978wvn5b2GUJZnYRSV6eh1PLjxZxK9zOM2K81G6HXardbPG6x2GNew2NB0-GBT4OWH_hNWDMX75w59ncAAAD__872Si3CBAAA HTTP/1.1\r\nHost: villainindiscreetnewsletter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nCookie: pdhtkv=true; uncs=2; pdhtkv49=true; uncs49=2; u_pl28090609=1; nlece334b1dced9b7de054ba28a632e99804=[5941311]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:23 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: villainindiscreetnewsletter.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: c302f8fa7bc0686a0a09b8ce6c984bb3\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":502,"timings":{"blocked":221,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":186},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"villainindiscreetnewsletter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"villainindiscreetnewsletter.com/ren.gif?sid=H4sIAAAAAAAC_4RTv48bRRseO9FX5CsQBFFbQAEI-Xa9a8dLisARgiJCEpKgFCFCszuz9uDxzjIz6_W5OjgpiqhOVEDD-rHvjsAJgaiByAcFioQUV1yRaxB_QISUDgmtz9JBxSvN--N5pnifd965Nc4OiIeM7l9-U42ElHSlWXdqz10XCVO5qV28VnOdunO6dl0kLf90bVg6PXjJ9fy683ztdR711ErDcR3HddzaOaF5rIYrCxYi3Q3ceuDU_UbdbfoY6n_XJqvC0CrY4IA8AcHmj_0e34CIZkj635zlpmdV-uJr_UxSqzQGbOftpJeoPEH_KI11BXGys7wNZeaEfFKFSnaWCqAG01IBQjEn1aceIEx2lm0iHGwddhpK8AQh-z_ywQxcziDoDJHagGD3CRAxXLyEpL99Uemcrh2ytGTn5PijPyHyOTn-4Ekk_a9XpRjWriqZWaESg2FcQAxnEJ0Z0mwGO6pA5HuI7IcQ7Fey8ugCkv70kpEKghUL9SKegZoKsvKICrK4giytoM_2a77T9iOXeq04YNEpx6e-z3joBO2G49AgOoUs-gCCbSLSt7ZT1rW9wdTqjE-zJDJj94tDyA8W4HYJ-sHY3c3eTWWj7QROywnG7v6zieQR9zw_dFnEWRCeYtxp-iFttGnLa_AgaDv-nRvNwHc9172JVK-jJzahs7sw3QKGVWHsnFTeWseAFcg5QW4IckqQC4LcEuSDYotJ0zDFNpMmC91lbCyjV0yU7YzplrIdnhBQvQnNiqlI3zcbiOyxySg2bKJKR0NbTGjIinF6QB4vn6WyWzxEj-_X_ksFjCggTHUx8ZGYk6vPHCAV91_-CyHdg5F7iMTToJkLmheg3QKj5LuutalJqbE8ltR065Hqg6kCqT0Ou1YZywNycnLl2urdxYrc_O1n8OgeWRoiXSDVBd4TPxF05O3JFZWT6RWVG_LtpdSKvhjRcn2uWmr5_758g6_lSrPzZ83mnVeikijT3Wvc2As0YSLpGPLVqmCM63NKR5x8f95c5-HlzHRXM51k6YXLr5473081N0aoZAYq5uTEw48QiTk5-cPni6_RfOEPROk6THrUp1EEYVqBFASSH-E0LGD-UYdH-djcRkdXQe0Gkn6BgS4wkAWo3ITJTkxsqu-d-eXT0j5DKKuTUOrqNJRafryYU-l-hBH7tWYj9FrtdovHLRZ7zGt4LGg6PPBp0PIDvwlr5uKdM8f-DgAA__-e1YXswgQAAA==","fqdn":"villainindiscreetnewsletter.com","domain":"villainindiscreetnewsletter.com","tld":"com"},"ip":{"addr":"172.240.127.242","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:23.392Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"villainindiscreetnewsletter.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:13:20 GMT","end":"Thu, 19 Mar 2026 08:13:19 GMT"},"fingerprint":{"sha1":"D5:23:91:2A:01:76:E9:21:D6:E1:A0:D0:D7:3C:60:84:45:1F:92:79","sha256":"B3:C9:9E:18:21:46:C6:95:3C:51:EF:26:D3:F2:52:23:93:17:07:3F:2A:7D:CA:59:E6:68:6A:72:9C:F2:0D:AB"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_4RTv48bRRseO9FX5CsQBFFbQAEI-Xa9a8dLisARgiJCEpKgFCFCszuz9uDxzjIz6_W5OjgpiqhOVEDD-rHvjsAJgaiByAcFioQUV1yRaxB_QISUDgmtz9JBxSvN--N5pnifd965Nc4OiIeM7l9-U42ElHSlWXdqz10XCVO5qV28VnOdunO6dl0kLf90bVg6PXjJ9fy683ztdR711ErDcR3HddzaOaF5rIYrCxYi3Q3ceuDU_UbdbfoY6n_XJqvC0CrY4IA8AcHmj_0e34CIZkj635zlpmdV-uJr_UxSqzQGbOftpJeoPEH_KI11BXGys7wNZeaEfFKFSnaWCqAG01IBQjEn1aceIEx2lm0iHGwddhpK8AQh-z_ywQxcziDoDJHagGD3CRAxXLyEpL99Uemcrh2ytGTn5PijPyHyOTn-4Ekk_a9XpRjWriqZWaESg2FcQAxnEJ0Z0mwGO6pA5HuI7IcQ7Fey8ugCkv70kpEKghUL9SKegZoKsvKICrK4giytoM_2a77T9iOXeq04YNEpx6e-z3joBO2G49AgOoUs-gCCbSLSt7ZT1rW9wdTqjE-zJDJj94tDyA8W4HYJ-sHY3c3eTWWj7QROywnG7v6zieQR9zw_dFnEWRCeYtxp-iFttGnLa_AgaDv-nRvNwHc9172JVK-jJzahs7sw3QKGVWHsnFTeWseAFcg5QW4IckqQC4LcEuSDYotJ0zDFNpMmC91lbCyjV0yU7YzplrIdnhBQvQnNiqlI3zcbiOyxySg2bKJKR0NbTGjIinF6QB4vn6WyWzxEj-_X_ksFjCggTHUx8ZGYk6vPHCAV91_-CyHdg5F7iMTToJkLmheg3QKj5LuutalJqbE8ltR065Hqg6kCqT0Ou1YZywNycnLl2urdxYrc_O1n8OgeWRoiXSDVBd4TPxF05O3JFZWT6RWVG_LtpdSKvhjRcn2uWmr5_758g6_lSrPzZ83mnVeikijT3Wvc2As0YSLpGPLVqmCM63NKR5x8f95c5-HlzHRXM51k6YXLr5473081N0aoZAYq5uTEw48QiTk5-cPni6_RfOEPROk6THrUp1EEYVqBFASSH-E0LGD-UYdH-djcRkdXQe0Gkn6BgS4wkAWo3ITJTkxsqu-d-eXT0j5DKKuTUOrqNJRafryYU-l-hBH7tWYj9FrtdovHLRZ7zGt4LGg6PPBp0PIDvwlr5uKdM8f-DgAA__-e1YXswgQAAA== HTTP/1.1\r\nHost: villainindiscreetnewsletter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nCookie: pdhtkv=true; uncs=2; pdhtkv49=true; uncs49=2; u_pl28090609=1; nlece334b1dced9b7de054ba28a632e99804=[5941311]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:23 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 0\r\nHost: villainindiscreetnewsletter.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: fa5fcff309f8132520dc3df00fda186f\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":166,"timings":{"blocked":72,"dns":0,"connect":0,"send":0,"wait":94,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"villainindiscreetnewsletter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"villainindiscreetnewsletter.com/impr.gif?sid=H4sIAAAAAAAC_1RTzYscxRuumYTfIb-DaMTzoB5U3Nnqj9mZNofoGiPBmIQkkoOKVFdV75bb09VWVU9v5mQMSvC0eFIv9jwz2Y26iOI5GiZeJCBkTu4h68G_IAi5CdKzA6sv1PvxPHV436fe-mRU7JMABdu78KYeqjRly502bT13RWVCl7Z17nLLo216onVFZSvhidZm7czgJS8I2_T51uuSb-hln3qUetRrnVZGJnpzec5C5buR145oO_TbXifEpvlvbYsjsOwIxGCfPAElZo_9mbwNxafI-t-fknbD6fzF1_pFypw2GIidt7KNTJcZ-odpYhpIsp3FbWg7I-TzJnS2s5gAejCpJ0CsZqT51APE2c6iTcSDmwedxilkhlj8H-VgCplOodgUXF-HEvcJwAXOnUfW3z6nTcmuHrCsZmfk6KO_oMoZOfrgSWT971ZTtdm6pNPCKZ1ZbCYV1OYUam2KvJjCDRtQ5V1w9xGU-I0sPzqLrD85b1MNJfae7XaloFHHX6IyCZdCL5RLrNeJlgQXkvdESINYzCVSyRTMNlDURzVQJA0UeQN9sdcKaS_kHgtWkkjwLg1ZGAoZ06jnU8oi3kXBr0GJLXDz8XYu1t3GYOJMISdFxu3Iv3UAhdEc3K7BMBr5u8V7eer3aERXaDTykJtrt0TQlUHMw1GMDbUFU9yBXa9gRQPWEQxEhVISlJagZASlIigdQTmoborU-rbaFqktYm8R_UUMqrF2ayN2U7s1mREwswUjqonKP7DXwd2R8TCxYqxrx2JXjVksqlG-Tx6vn6SxWz3EhtxrySAIY09wKaK4KyTthDHze2wl8GUU9WgIqyoo25wLOVQzcumZfeTq_st_I2Z3YdO74OppsMIDKyuw9QrD7Md153KbM-tkkjK73ua6D6Er5O4o3NXGKN0nx8cXL6_ema_Hu7__DMnvkYWBmwq5qfC--oVgLb0xvqhLMrmoS0t-OJ871VdDVq_OJcec_N83b8irpTbizCm79fUrvCbqdPeytO4sy4TK1iz5dlUJIc1pbbgkt8_YKzK-UNj11cJkRX72wqunz_RzI61VOpuCqRk59vBTcDUjx3_6av4tOi_8AZ5_CJsf9mk1QZw3kSqCVB7iLK5g_1XHh_nI3sCaaYK568j6FQamwiCtwNIt2OLY2OXm3slfv6jtS8RpcxynpjmJU5N-Vut0-0Asq_ZaSSB9Tmmvu-IFvUR6QSh40umFkVhhNAgknJ2pd04e-ycAAP__VRXO6L4EAAA=","fqdn":"villainindiscreetnewsletter.com","domain":"villainindiscreetnewsletter.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:30.940Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"villainindiscreetnewsletter.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:13:20 GMT","end":"Thu, 19 Mar 2026 08:13:19 GMT"},"fingerprint":{"sha1":"D5:23:91:2A:01:76:E9:21:D6:E1:A0:D0:D7:3C:60:84:45:1F:92:79","sha256":"B3:C9:9E:18:21:46:C6:95:3C:51:EF:26:D3:F2:52:23:93:17:07:3F:2A:7D:CA:59:E6:68:6A:72:9C:F2:0D:AB"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RTzYscxRuumYTfIb-DaMTzoB5U3Nnqj9mZNofoGiPBmIQkkoOKVFdV75bb09VWVU9v5mQMSvC0eFIv9jwz2Y26iOI5GiZeJCBkTu4h68G_IAi5CdKzA6sv1PvxPHV436fe-mRU7JMABdu78KYeqjRly502bT13RWVCl7Z17nLLo216onVFZSvhidZm7czgJS8I2_T51uuSb-hln3qUetRrnVZGJnpzec5C5buR145oO_TbXifEpvlvbYsjsOwIxGCfPAElZo_9mbwNxafI-t-fknbD6fzF1_pFypw2GIidt7KNTJcZ-odpYhpIsp3FbWg7I-TzJnS2s5gAejCpJ0CsZqT51APE2c6iTcSDmwedxilkhlj8H-VgCplOodgUXF-HEvcJwAXOnUfW3z6nTcmuHrCsZmfk6KO_oMoZOfrgSWT971ZTtdm6pNPCKZ1ZbCYV1OYUam2KvJjCDRtQ5V1w9xGU-I0sPzqLrD85b1MNJfae7XaloFHHX6IyCZdCL5RLrNeJlgQXkvdESINYzCVSyRTMNlDURzVQJA0UeQN9sdcKaS_kHgtWkkjwLg1ZGAoZ06jnU8oi3kXBr0GJLXDz8XYu1t3GYOJMISdFxu3Iv3UAhdEc3K7BMBr5u8V7eer3aERXaDTykJtrt0TQlUHMw1GMDbUFU9yBXa9gRQPWEQxEhVISlJagZASlIigdQTmoborU-rbaFqktYm8R_UUMqrF2ayN2U7s1mREwswUjqonKP7DXwd2R8TCxYqxrx2JXjVksqlG-Tx6vn6SxWz3EhtxrySAIY09wKaK4KyTthDHze2wl8GUU9WgIqyoo25wLOVQzcumZfeTq_st_I2Z3YdO74OppsMIDKyuw9QrD7Md153KbM-tkkjK73ua6D6Er5O4o3NXGKN0nx8cXL6_ema_Hu7__DMnvkYWBmwq5qfC--oVgLb0xvqhLMrmoS0t-OJ871VdDVq_OJcec_N83b8irpTbizCm79fUrvCbqdPeytO4sy4TK1iz5dlUJIc1pbbgkt8_YKzK-UNj11cJkRX72wqunz_RzI61VOpuCqRk59vBTcDUjx3_6av4tOi_8AZ5_CJsf9mk1QZw3kSqCVB7iLK5g_1XHh_nI3sCaaYK568j6FQamwiCtwNIt2OLY2OXm3slfv6jtS8RpcxynpjmJU5N-Vut0-0Asq_ZaSSB9Tmmvu-IFvUR6QSh40umFkVhhNAgknJ2pd04e-ycAAP__VRXO6L4EAAA= HTTP/1.1\r\nHost: villainindiscreetnewsletter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nCookie: pdhtkv=true; uncs=3; pdhtkv49=true; uncs49=3; u_pl28090609=1; iprc_l+502970cc2f9f744e7acbde213f0828a6=5941311; iprc_l:5941311=1; uid_id2=77ed0952-0ef4-414e-a859-dcdec8d403bd:1:1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:30 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 6\r\nHost: villainindiscreetnewsletter.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: e6bab73f83b28d31dbdc6954b81ad01d\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":101,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":101,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"villainindiscreetnewsletter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"villainindiscreetnewsletter.com/ren.gif?sid=H4sIAAAAAAAC_1RSz2skRRSunuS0HsR18TzoRUEmPdM9k2n3EI1rQjAmMYkE_HGo7qqelKnpaquqpyfjJRqQPQZP6qnzTbLRNSyKN0EIEy8SEHYumsMGxL9AhMWLIJMMxH1Q732vvjq873v12X52QTxk9HzlLdUTUtKpesUtv7ghEqZyU15aL1fdinu7vCGShn-73B0l3Xml6vkV96XyPI-21FTNrbpu1a2W54TmsepOXbIQ6XFQrQRuxa9VqnUfXf1kbzIHhjpgnQtyE4INn_4zfg8iGiBpf3eHmy2r0pffaGeSWqXRYUfvJFuJyhO0r2GsHcTJ0fg1lBkS8kUJKjkaK4DqHIwUIBRDUnruEcLkaDwmws7h1aShBE8QsqeQdwbgcgBBB4jULgR7SICIYWkZSfvektI53b5i6YgdksnHf0PkQzL56BaS9oNZKbrlNSUzK1Ri0I0LiO4AojVAmp3C9hyI_BSR_RSC_UqmHi8iaR8sG6kgWHGpXsQDUOMgGx3hIIsdZKmDNjsv-27Tj6rUa8QBi6Zdn_o-46EbNGuuS4NoGln0CQTbQ6R3kOodbIk96OwEZrOAYQ6MHRLn7R10WIGcE-SGIKcEuSDILUHeKQ6ZNDVT3GPSZGF1XGvj6hV9ZVv79FDZFk8IqN6DZsWBSD8yu4jsRL8XG9ZXo0RDW_RpyIr99II8M3LLOS7-whY_L3PP88MqizgLwmnG3bof0lqTNrwaD4Km68OIAsKULo3oiSFZe-ECqXj46r8I6SmMPEUkngfNqqB5AbpZoJf8sGltalJqLI8lNZuVSLXBVIHUTsJuO_vygjzbX12fPbnc3Ltfz4BHZzO298f8g1sfI9IFUl3gQ_EzQUve7a-qnBysqtyQ75dTK9qiR0dbXbPU8on7b_LtXGm2cMfsffNaNCJG8HidG7tIEyaSliHfzgrGuJ5TOuLkpwWzwcOVzGzOZjrJ0sWV1-cW2qnmxgiVDEDFkNw4uY9IDMnN33Yvf6w3_w-idAcmPSPjgFEEYVqCFASSX9_TsID5Xx9e431zFy1dArW7SNoFOrpARxagcg8mu9G3qT6b-eXLUXyFUJb6odSlg1Bq-fmQfPD7j1dmGXFertdCr9FsNnjcYLHHvJrHgrrLA58GDT_w67BmKN6fmfgvAAD__yfXpUhZBAAA","fqdn":"villainindiscreetnewsletter.com","domain":"villainindiscreetnewsletter.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:23.244Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"villainindiscreetnewsletter.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:13:20 GMT","end":"Thu, 19 Mar 2026 08:13:19 GMT"},"fingerprint":{"sha1":"D5:23:91:2A:01:76:E9:21:D6:E1:A0:D0:D7:3C:60:84:45:1F:92:79","sha256":"B3:C9:9E:18:21:46:C6:95:3C:51:EF:26:D3:F2:52:23:93:17:07:3F:2A:7D:CA:59:E6:68:6A:72:9C:F2:0D:AB"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSz2skRRSunuS0HsR18TzoRUEmPdM9k2n3EI1rQjAmMYkE_HGo7qqelKnpaquqpyfjJRqQPQZP6qnzTbLRNSyKN0EIEy8SEHYumsMGxL9AhMWLIJMMxH1Q732vvjq873v12X52QTxk9HzlLdUTUtKpesUtv7ghEqZyU15aL1fdinu7vCGShn-73B0l3Xml6vkV96XyPI-21FTNrbpu1a2W54TmsepOXbIQ6XFQrQRuxa9VqnUfXf1kbzIHhjpgnQtyE4INn_4zfg8iGiBpf3eHmy2r0pffaGeSWqXRYUfvJFuJyhO0r2GsHcTJ0fg1lBkS8kUJKjkaK4DqHIwUIBRDUnruEcLkaDwmws7h1aShBE8QsqeQdwbgcgBBB4jULgR7SICIYWkZSfvektI53b5i6YgdksnHf0PkQzL56BaS9oNZKbrlNSUzK1Ri0I0LiO4AojVAmp3C9hyI_BSR_RSC_UqmHi8iaR8sG6kgWHGpXsQDUOMgGx3hIIsdZKmDNjsv-27Tj6rUa8QBi6Zdn_o-46EbNGuuS4NoGln0CQTbQ6R3kOodbIk96OwEZrOAYQ6MHRLn7R10WIGcE-SGIKcEuSDILUHeKQ6ZNDVT3GPSZGF1XGvj6hV9ZVv79FDZFk8IqN6DZsWBSD8yu4jsRL8XG9ZXo0RDW_RpyIr99II8M3LLOS7-whY_L3PP88MqizgLwmnG3bof0lqTNrwaD4Km68OIAsKULo3oiSFZe-ECqXj46r8I6SmMPEUkngfNqqB5AbpZoJf8sGltalJqLI8lNZuVSLXBVIHUTsJuO_vygjzbX12fPbnc3Ltfz4BHZzO298f8g1sfI9IFUl3gQ_EzQUve7a-qnBysqtyQ75dTK9qiR0dbXbPU8on7b_LtXGm2cMfsffNaNCJG8HidG7tIEyaSliHfzgrGuJ5TOuLkpwWzwcOVzGzOZjrJ0sWV1-cW2qnmxgiVDEDFkNw4uY9IDMnN33Yvf6w3_w-idAcmPSPjgFEEYVqCFASSX9_TsID5Xx9e431zFy1dArW7SNoFOrpARxagcg8mu9G3qT6b-eXLUXyFUJb6odSlg1Bq-fmQfPD7j1dmGXFertdCr9FsNnjcYLHHvJrHgrrLA58GDT_w67BmKN6fmfgvAAD__yfXpUhZBAAA HTTP/1.1\r\nHost: villainindiscreetnewsletter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl28090609=1; nlece334b1dced9b7de054ba28a632e99804=[5941311]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:23 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: villainindiscreetnewsletter.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 2d5daaf080c92f8dfca776ccca889799\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":664,"timings":{"blocked":277,"dns":1,"connect":93,"send":0,"wait":100,"receive":0,"ssl":191},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"villainindiscreetnewsletter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/18/a9/3a/18a93a23640bef9e9db0605254fda42d/1756661839.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:23.312Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/18/a9/3a/18a93a23640bef9e9db0605254fda42d/1756661839.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 05 Jan 2026 22:45:23 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 72107\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 31 Aug 2025 17:37:19 GMT\r\netag: \"68b4884f-119ab\"\r\nexpires: Wed, 07 Jan 2026 22:45:23 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":72107,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:30 15:11:41], progressive, precision 8, 320x240, components 3","md5":"d93418e60c08a4971076f1eeb64310a2","sha1":"6bd2c394ee81cda9c8178ad29dcc625434de82e2","sha256":"a05bb96b04f8e69521e9a34c26f9e6e56303a5cfda91bb6af42d0c07dd8a0d65","sha512":"ef95fc1bf232f9c7471931ce073aa2749a8979d63d8a9d05c8685d135e7b1e9b12d4e29225b11ab1a302b4a2243ce5d8a745e45dd1a24f66b0c48bce6ab48bf1","ssdeep":"1536:QLZxtWoLZxtWzKw/QcYLEJMbqp3uZXCNnvoqFoTTiALH6Jm2cEG:QVBVpw/Xufbq1uZXCQTTRLHvbEG","tlshash":"9563f13e6b49af33f4c757b468f8dbd1e3014ed85a7310a5798c29923b31692cb4d582","first_seen":"2025-09-02T18:27:26.477089Z","last_seen":"2026-04-20T09:46:39.678466Z","times_seen":1324,"resource_available":false,"data":null}},"time_used":87,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":54,"receive":33,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/ae/79/89/ae7989f2633270f8048003ed9cebf55b/1756661969.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:23.405Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/ae/79/89/ae7989f2633270f8048003ed9cebf55b/1756661969.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 05 Jan 2026 22:45:23 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 100950\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 31 Aug 2025 17:39:29 GMT\r\netag: \"68b488d1-18a56\"\r\nexpires: Wed, 07 Jan 2026 22:45:23 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":100950,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:30 15:27:26], progressive, precision 8, 320x240, components 3","md5":"5188b48a2994b55c67b2211a8ed9208d","sha1":"bb1c8a605f489997516d624fbd593b3639e517f8","sha256":"571cbce9dfe4866d792c5bee341d78496f485c467f62fc02b05ceefb08ec6640","sha512":"e399ae6cb27bb09cf3b6103ddb797913f01b43bdafe23d901cd146ed2d544950268e28dd3ee6636fc04d0e6b3c46efdf4141e79de3cfeecd7f18e98e3ab25905","ssdeep":"3072:ooliolMDPZveGJW14aqv8nDsabzPqaqEGf:H92Nzv8UaqJ","tlshash":"bda3f12d6b69ce53f4d4277d3aa38ac68751a91253a3b7843cbd504933b064dbcce907","first_seen":"2025-09-02T18:27:26.483242Z","last_seen":"2026-04-19T20:30:35.654968Z","times_seen":1303,"resource_available":false,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":23,"receive":4,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pasteflash.sx/assets/native-ad.js","fqdn":"pasteflash.sx","domain":"pasteflash.sx","tld":"sx"},"ip":{"addr":"185.165.184.2","port":443,"asn":51295,"as":"Tes Euro Media SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:21.109Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pasteflash.sx","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 26 Dec 2025 15:35:39 GMT","end":"Thu, 26 Mar 2026 15:35:38 GMT"},"fingerprint":{"sha1":"EA:61:C1:89:B4:4A:4D:AA:44:91:00:20:BF:CB:5F:E8:F7:62:CF:0B","sha256":"F6:6F:DD:F8:A4:12:D3:AF:DB:74:B1:C4:4C:B0:67:9A:5F:63:0C:A0:C1:45:94:4E:3F:BB:73:06:81:E3:3C:7F"}}},"request":{"raw":"GET /assets/native-ad.js HTTP/1.1\r\nHost: pasteflash.sx\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/VbqILJAi\r\nCookie: PHPSESSID=qr4cht3450qrn8l0pcmf68r46j\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 12 Jan 2026 22:45:21 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 04 Jan 2026 18:38:32 GMT\r\netag: \"4af-695ab3a8-619974aab1fd8bff;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ncontent-length: 534\r\ndate: Mon, 05 Jan 2026 22:45:21 GMT\r\nx-frame-options: DENY\r\ncontent-security-policy: frame-ancestors 'none';\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1199,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"d05dfa81c786a20fafcceca6f1f211d8","sha1":"4f6da6db2c6767d6a5487552c91b6153d4ff3050","sha256":"7bb33d2dd3964fcac489cacdd9eb0145dd8225da46a788c26e7c553449a779d6","sha512":"106f217cb7752ac7778acdca0890a10f75b07d2809efe7908dd59a1ac4708a3cffdfa3f34b456ddeed7396c10f2e88bc4b6edd07e489ab4e78696819dee7b4fb","ssdeep":"","tlshash":"07218e4a0ea2642d9d5f31aec7efa214269280234507d901bc4dc305afe477e491eeef","first_seen":"2026-01-04T23:46:41.734424Z","last_seen":"2026-02-04T03:42:46.434592Z","times_seen":51,"resource_available":true,"data":null}},"time_used":45,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":45,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"acceptableredheadcaviar.com/745b95ffd64b1a4535afda140744beec/invoke.js","fqdn":"acceptableredheadcaviar.com","domain":"acceptableredheadcaviar.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:21.291Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"acceptableredheadcaviar.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 08 Nov 2025 20:35:16 GMT","end":"Fri, 06 Feb 2026 20:35:15 GMT"},"fingerprint":{"sha1":"AC:97:AD:F5:16:D4:4B:35:A3:E8:AC:B3:B8:A7:9E:FF:D6:55:0A:44","sha256":"9A:49:A6:9E:64:B9:B4:85:9B:F9:24:85:9B:74:38:52:E2:0B:B2:2E:D7:95:D2:C7:3F:F6:64:59:1F:17:65:CA"}}},"request":{"raw":"GET /745b95ffd64b1a4535afda140744beec/invoke.js HTTP/1.1\r\nHost: acceptableredheadcaviar.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:21 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 18488\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: acceptableredheadcaviar.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 104afe76fa3a63aea5017a5cd6c8dbc2\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":46248,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (46248), with no line terminators","md5":"ba34b1316b140708ec05abeb429f7d15","sha1":"959deb0bcf43c11965a7facf331e796495728a85","sha256":"5692642d47f606b66a092b605cfdc22adc1556017d40f0337aeb44378a604711","sha512":"29ef50c540f50f3e40eb70e3d7ebccf7ad19ee1ac79a1fb5e36003b7f4ad8c125282d05e0305dcac6e27797642b12bfb068fb9d09f747bbdc29420070564acc5","ssdeep":"768:dB2Ef/5+sNKlKMHLQTwkf0R6sYeLvLoK12G6FYc0CnVr:dB2E5+aMHLQTwkf0bLDLoK12tFYNOF","tlshash":"9c23fa5dbf92f006165f70b7372fa106b11a8c19680cd89cfa07fda46d68f05e837aa4","first_seen":"2026-01-04T23:46:41.715526Z","last_seen":"2026-01-05T22:45:51.45277Z","times_seen":2,"resource_available":true,"data":null}},"time_used":788,"timings":{"blocked":278,"dns":39,"connect":91,"send":0,"wait":96,"receive":92,"ssl":189},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"acceptableredheadcaviar.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"acceptableredheadcaviar.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"acceptableredheadcaviar.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"acceptableredheadcaviar.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"villainindiscreetnewsletter.com/impr.gif?sid=H4sIAAAAAAAC_1RSzWskRRytng0e1oPoiudBLyoy6Z7uJDPuIRrXSDAmMYkE_DhUV1VPytR0tVXV05M5RQOyeAqe1IudN8nGjyCKN0FZJl5kQdg5GWFz8S9YhL0JMrMD0R_U76NeHd57v_r4ML8gIXJ6vvaG7kml6PRMza8-uyVTrgtbXdmsBn7Nv17dkulsdL3aHSXTeTEIo5r_XPU1wXb0dN0PfD_wg-qiNCLR3ekxCpmdNoNa069F9VowE6Fr_j_b3IOlHnjngjwByYeP_ZW8A8kGSNvf3xB2x-nshVfbuaJOG3T4yVvpTqqLFO3LNjEekvRk8hraDgn5rAKdnkwUQHeORgoQyyGpPHUPcXoyoYm4c_yQaawgUsT8URSdAYQaQNIBmN6H5HcJwDhWVpG2b61oU9DdhygdoUMy9eBvyGJIpu49ibT93YKS3eqGVrmTOrXoJiVkdwDZGiDLz-B6HmRxBuY-guS_k-kHy0jbR6tWaUhejtXLZABqPeSjIz3kiYc889Dm59XIb0QsoOFs0uRszo9oFHER-81G3fdpk80hZx9C8gMws4fM7GFHHsDkt2G3S1juwboh8d7cQ4eXKARBYQkKSlBIgsIRFJ3ymCtbt-UtrmweB5Nan9Sw7GvXOqTH2rVESkDNAQwvj2T2gd0Hc1f6vcTyvh4lGruyT2NeHmYX5PGRW95peR874rwqwjCKA84Eb8ZzXPgzUUzrDTob1kWz2fAjWFlC2srYiJ4cko1nLpDJuy_9g5iewaozMPk0aB6AFiXodole-uO2c5nNqHUiUdRu15hug-sSmZuC2_UO1QW51l_fXLg93tx7f_wEwe6QSYCZEpkp8b78laClbvbXdUGO1nVhyQ-rmZNt2aOjrW446sQj37wudgtt-NINe_D1y2wEjNrTTWHdMk25TFuWfLsgORdmURsmyM9LdkvEa7ndXshNmmfLa68sLrUzI6yVOh2AyiG5ev8TMDkk1375cvxjZ57_Eyzbg80ueVpNEGcelCRQ4vKexiXsf-b4sj-0N9EyFVC3j7RdomNKdFQJqg5g86t9l5k78799PoovEKtKP1amchQroz4d-zQkb381DyvPq0ko6sz3G3OzQdhIRBBGnCUzjajJZ6kfhgLODuW781f-DQAA___keuHBWQQAAA==","fqdn":"villainindiscreetnewsletter.com","domain":"villainindiscreetnewsletter.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:23.248Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"villainindiscreetnewsletter.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:13:20 GMT","end":"Thu, 19 Mar 2026 08:13:19 GMT"},"fingerprint":{"sha1":"D5:23:91:2A:01:76:E9:21:D6:E1:A0:D0:D7:3C:60:84:45:1F:92:79","sha256":"B3:C9:9E:18:21:46:C6:95:3C:51:EF:26:D3:F2:52:23:93:17:07:3F:2A:7D:CA:59:E6:68:6A:72:9C:F2:0D:AB"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RSzWskRRytng0e1oPoiudBLyoy6Z7uJDPuIRrXSDAmMYkE_DhUV1VPytR0tVXV05M5RQOyeAqe1IudN8nGjyCKN0FZJl5kQdg5GWFz8S9YhL0JMrMD0R_U76NeHd57v_r4ML8gIXJ6vvaG7kml6PRMza8-uyVTrgtbXdmsBn7Nv17dkulsdL3aHSXTeTEIo5r_XPU1wXb0dN0PfD_wg-qiNCLR3ekxCpmdNoNa069F9VowE6Fr_j_b3IOlHnjngjwByYeP_ZW8A8kGSNvf3xB2x-nshVfbuaJOG3T4yVvpTqqLFO3LNjEekvRk8hraDgn5rAKdnkwUQHeORgoQyyGpPHUPcXoyoYm4c_yQaawgUsT8URSdAYQaQNIBmN6H5HcJwDhWVpG2b61oU9DdhygdoUMy9eBvyGJIpu49ibT93YKS3eqGVrmTOrXoJiVkdwDZGiDLz-B6HmRxBuY-guS_k-kHy0jbR6tWaUhejtXLZABqPeSjIz3kiYc889Dm59XIb0QsoOFs0uRszo9oFHER-81G3fdpk80hZx9C8gMws4fM7GFHHsDkt2G3S1juwboh8d7cQ4eXKARBYQkKSlBIgsIRFJ3ymCtbt-UtrmweB5Nan9Sw7GvXOqTH2rVESkDNAQwvj2T2gd0Hc1f6vcTyvh4lGruyT2NeHmYX5PGRW95peR874rwqwjCKA84Eb8ZzXPgzUUzrDTob1kWz2fAjWFlC2srYiJ4cko1nLpDJuy_9g5iewaozMPk0aB6AFiXodole-uO2c5nNqHUiUdRu15hug-sSmZuC2_UO1QW51l_fXLg93tx7f_wEwe6QSYCZEpkp8b78laClbvbXdUGO1nVhyQ-rmZNt2aOjrW446sQj37wudgtt-NINe_D1y2wEjNrTTWHdMk25TFuWfLsgORdmURsmyM9LdkvEa7ndXshNmmfLa68sLrUzI6yVOh2AyiG5ev8TMDkk1375cvxjZ57_Eyzbg80ueVpNEGcelCRQ4vKexiXsf-b4sj-0N9EyFVC3j7RdomNKdFQJqg5g86t9l5k78799PoovEKtKP1amchQroz4d-zQkb381DyvPq0ko6sz3G3OzQdhIRBBGnCUzjajJZ6kfhgLODuW781f-DQAA___keuHBWQQAAA== HTTP/1.1\r\nHost: villainindiscreetnewsletter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl28090609=1; nlece334b1dced9b7de054ba28a632e99804=[5941311]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:23 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 4\r\nHost: villainindiscreetnewsletter.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: a61cb82a6934340981da3c440b1ae194\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":660,"timings":{"blocked":275,"dns":1,"connect":93,"send":0,"wait":99,"receive":0,"ssl":189},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"villainindiscreetnewsletter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"villainindiscreetnewsletter.com/impr.gif?sid=H4sIAAAAAAAC_4RTT4gcxReumYTfIb-DaMTzoB5UZLZ7und32hyia4wEYxKTSA4xSHVV9Uw5NV1tVfX0ZE7RQAieFk_qxZ5vJrtGF1G8qoSJCBIQMif3kL0I3oOQmyA9O7B68kG_f19TvO-rVzfG-R4JkNPdc2_qkVSKrqw2vcZzl2TKdWEbZy42fK_pHWtckulaeKwxrJwZvOQHYdN7vvG6YD290vJ8z_M9v3FSGpHo4coChcx2Ir8Zec2w1fRXQwzNv2ub12FpHXywR56A5PPHfk8uQ7IZ0v43J4TtOZ29-Fo_V9RpgwHffjvtpbpI0T9IE1NDkm4v_4a2c0I-qUOn20sG0INpxQCxnJP6Uw8Qp9vLMREPbu1PGiuIFDH_P4rBDELNIOkMTF-H5PcJwDjOnEXa3zqjTUGv7qO0Qufk8KM_IYs5OfzgSaT9rzeUHDYuaJU7qVOLYVJCDmeQnRmyfAY3qkEWd8Hch5D8V7Ly6DTS_vSsVRqSlwv2MpmB2hry6pM15EkNeVZDn-82Qq8dMp8Ga0nE2boX0jDkIvaidsvzaMTWkbMPIPkmmLmxlafMhtHY38nfzVSr7UXemheN_d1nUyWYCIIw9jkTPIrXufBWw5i22nQtaIkoanvh7curUegHvn9lK-Nd1xtMncnFtDpz7H-x3wqjRROZuYae3ITJ78B2S1heh3VzUnvrGga8RCEICktQUIJCEhSOoBiUt7iyLVtucWXz2F_G1jIG5US7zpje0q4jUgJqNmF4OZXZ-_Y6mDs0GSWWT3TlaOzKCY15Oc72yOPVtdR2yofoid3Gf9GElSWkrS8UH8k5ufDMHjJ5_-W_ENO7sOoumHwaNPdBixK0W2KUftd1LrMZtU4kitpuk-k-uC6RucNwV2tjtUeOTs5f3LizWJErv_0Mwe6RpYGZEpkp8Z78iaCjbk7O64JMz-vCkm_PZk725YhW63PBUSf-9-Ub4mqhDT91wm7efoVVQJXuXBTWnaYpl2nHkq82JOfCnNSGCfLDKXtJxOdy293ITZpnp8-9evJUPzPCWqnTGaickyMPPwKTc3L0x88XT2P1hT_Asmuw2cGcVhPEWR1KEihx0KdxCfuPOj7Ix_YmOqYO6q4j7ZcYmBIDVYKqTdj8yMRl5t7xXz6t7DPEqj6JlalPY2XUx5VO3--LZeVuIwlEi3lee33ND9qJ8IOQs2S1HUZ8jXpBIODsXL5z_NDfAQAA__--Tvi8wgQAAA==","fqdn":"villainindiscreetnewsletter.com","domain":"villainindiscreetnewsletter.com","tld":"com"},"ip":{"addr":"172.240.127.242","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:23.317Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"villainindiscreetnewsletter.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:13:20 GMT","end":"Thu, 19 Mar 2026 08:13:19 GMT"},"fingerprint":{"sha1":"D5:23:91:2A:01:76:E9:21:D6:E1:A0:D0:D7:3C:60:84:45:1F:92:79","sha256":"B3:C9:9E:18:21:46:C6:95:3C:51:EF:26:D3:F2:52:23:93:17:07:3F:2A:7D:CA:59:E6:68:6A:72:9C:F2:0D:AB"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_4RTT4gcxReumYTfIb-DaMTzoB5UZLZ7und32hyia4wEYxKTSA4xSHVV9Uw5NV1tVfX0ZE7RQAieFk_qxZ5vJrtGF1G8qoSJCBIQMif3kL0I3oOQmyA9O7B68kG_f19TvO-rVzfG-R4JkNPdc2_qkVSKrqw2vcZzl2TKdWEbZy42fK_pHWtckulaeKwxrJwZvOQHYdN7vvG6YD290vJ8z_M9v3FSGpHo4coChcx2Ir8Zec2w1fRXQwzNv2ub12FpHXywR56A5PPHfk8uQ7IZ0v43J4TtOZ29-Fo_V9RpgwHffjvtpbpI0T9IE1NDkm4v_4a2c0I-qUOn20sG0INpxQCxnJP6Uw8Qp9vLMREPbu1PGiuIFDH_P4rBDELNIOkMTF-H5PcJwDjOnEXa3zqjTUGv7qO0Qufk8KM_IYs5OfzgSaT9rzeUHDYuaJU7qVOLYVJCDmeQnRmyfAY3qkEWd8Hch5D8V7Ly6DTS_vSsVRqSlwv2MpmB2hry6pM15EkNeVZDn-82Qq8dMp8Ga0nE2boX0jDkIvaidsvzaMTWkbMPIPkmmLmxlafMhtHY38nfzVSr7UXemheN_d1nUyWYCIIw9jkTPIrXufBWw5i22nQtaIkoanvh7curUegHvn9lK-Nd1xtMncnFtDpz7H-x3wqjRROZuYae3ITJ78B2S1heh3VzUnvrGga8RCEICktQUIJCEhSOoBiUt7iyLVtucWXz2F_G1jIG5US7zpje0q4jUgJqNmF4OZXZ-_Y6mDs0GSWWT3TlaOzKCY15Oc72yOPVtdR2yofoid3Gf9GElSWkrS8UH8k5ufDMHjJ5_-W_ENO7sOoumHwaNPdBixK0W2KUftd1LrMZtU4kitpuk-k-uC6RucNwV2tjtUeOTs5f3LizWJErv_0Mwe6RpYGZEpkp8Z78iaCjbk7O64JMz-vCkm_PZk725YhW63PBUSf-9-Ub4mqhDT91wm7efoVVQJXuXBTWnaYpl2nHkq82JOfCnNSGCfLDKXtJxOdy293ITZpnp8-9evJUPzPCWqnTGaickyMPPwKTc3L0x88XT2P1hT_Asmuw2cGcVhPEWR1KEihx0KdxCfuPOj7Ix_YmOqYO6q4j7ZcYmBIDVYKqTdj8yMRl5t7xXz6t7DPEqj6JlalPY2XUx5VO3--LZeVuIwlEi3lee33ND9qJ8IOQs2S1HUZ8jXpBIODsXL5z_NDfAQAA__--Tvi8wgQAAA== HTTP/1.1\r\nHost: villainindiscreetnewsletter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nCookie: pdhtkv=true; uncs=2; pdhtkv49=true; uncs49=2; u_pl28090609=1; nlece334b1dced9b7de054ba28a632e99804=[5941311]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:23 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: villainindiscreetnewsletter.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 222e007350549d97f063969fd9a169c3\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":216,"timings":{"blocked":120,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"villainindiscreetnewsletter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"villainindiscreetnewsletter.com/impr.gif?sid=H4sIAAAAAAAC_4RTv48bRRseO9FX5CsQBFFbQAEI-Xa9e3deUgSOEBQRkpAEpQgRmp2ZtQePd5aZWa_jKhApiqhOVEDD-rFzR-CEQNRA5ECBIiHFFVfkKPgLIqR0SGh9lg4qXmneH88zxfu8886Ncb5HAuR099ybeiSVoiurTa_x3CWZcl3YxpmLDd9rescal2S6Fh5rDCtnBi_5Qdj0nm-8LlhPr7Q83_N8z2-clEYkeriyYCGznchvRl4zbDX91RBD8-_a5nVYWgcf7JEnIPn8sT-Sy5BshrT_zQlhe05nL77WzxV12mDAt99Oe6kuUvQP0sTUkKTby9vQdk7IJ3XodHupAHowrRQglnNSf-oB4nR72Sbiwa39TmMFkSLm_0cxmEGoGSSdgenrkPw-ARjHmbNI-1tntCno1X2WVuycHH70J2QxJ4cfPIm0__WGksPGBa1yJ3VqMUxKyOEMsjNDls_gRjXI4i6Y-xCS_0pWHp1G2p-etUpD8nKhXiYzUFtDXh1ZQ57UkGc19PluI_TaIfNpsJZEnK17IQ1DLmIvarc8j0ZsHTn7AJJvgpkbWxnvut5g6kwupnnK7Nj_Yh8KowW4VYFhNPZ38ncz1Wp7kbfmRWN_99lUCSaCIIx9zgSP4nUuvNUwpq02XQtaIoraXnj78moU-oHvX0FmrqEnN2HyO7DdEpbXYd2c1N66hgEvUQiCwhIUlKCQBIUjKAblLa5sy5ZbXNk89pextYxBOdGuM6a3tOuIlICaTRheTmX2vr0O5g5NRonlE105GrtyQmNejrM98nj1LLWd8iF6YrfxXypgZQlp64uJj-ScXHhmD5m8__JfiOldWHUXTD4NmvugRQnaLTFKv-s6l9mMWicSRW23yXQfXJfI3GG4q7Wx2iNHJ-cvbtxZrMiV336EYPfI0sBMicyUeE_-RNBRNyfndUGm53VhybdnMyf7ckSr9bngqBP_-_INcbXQhp86YTdvv8Iqokp3LgrrTtOUy7RjyVcbknNhTmrDBPn-lL0k4nO57W7kJs2z0-dePXmqnxlhrdTpDFTOyZGHH4HJOTn6w-eLr7H6wu9g2TXY7KBPqwnirA4lCZQ4wGlcwv6jjg_ysb2JjqmDuutI-yUGpsRAlaBqEzY_MnGZuXf8l08r-wyxqk9iZerTWBn1cTWnn_eHZeVuIwlEi3lee33ND9qJ8IOQs2S1HUZ8jXpBIODsXL5z_NDfAQAA__9xsVvswgQAAA==","fqdn":"villainindiscreetnewsletter.com","domain":"villainindiscreetnewsletter.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:23.407Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"villainindiscreetnewsletter.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:13:20 GMT","end":"Thu, 19 Mar 2026 08:13:19 GMT"},"fingerprint":{"sha1":"D5:23:91:2A:01:76:E9:21:D6:E1:A0:D0:D7:3C:60:84:45:1F:92:79","sha256":"B3:C9:9E:18:21:46:C6:95:3C:51:EF:26:D3:F2:52:23:93:17:07:3F:2A:7D:CA:59:E6:68:6A:72:9C:F2:0D:AB"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_4RTv48bRRseO9FX5CsQBFFbQAEI-Xa9e3deUgSOEBQRkpAEpQgRmp2ZtQePd5aZWa_jKhApiqhOVEDD-rFzR-CEQNRA5ECBIiHFFVfkKPgLIqR0SGh9lg4qXmneH88zxfu8886Ncb5HAuR099ybeiSVoiurTa_x3CWZcl3YxpmLDd9rescal2S6Fh5rDCtnBi_5Qdj0nm-8LlhPr7Q83_N8z2-clEYkeriyYCGznchvRl4zbDX91RBD8-_a5nVYWgcf7JEnIPn8sT-Sy5BshrT_zQlhe05nL77WzxV12mDAt99Oe6kuUvQP0sTUkKTby9vQdk7IJ3XodHupAHowrRQglnNSf-oB4nR72Sbiwa39TmMFkSLm_0cxmEGoGSSdgenrkPw-ARjHmbNI-1tntCno1X2WVuycHH70J2QxJ4cfPIm0__WGksPGBa1yJ3VqMUxKyOEMsjNDls_gRjXI4i6Y-xCS_0pWHp1G2p-etUpD8nKhXiYzUFtDXh1ZQ57UkGc19PluI_TaIfNpsJZEnK17IQ1DLmIvarc8j0ZsHTn7AJJvgpkbWxnvut5g6kwupnnK7Nj_Yh8KowW4VYFhNPZ38ncz1Wp7kbfmRWN_99lUCSaCIIx9zgSP4nUuvNUwpq02XQtaIoraXnj78moU-oHvX0FmrqEnN2HyO7DdEpbXYd2c1N66hgEvUQiCwhIUlKCQBIUjKAblLa5sy5ZbXNk89pextYxBOdGuM6a3tOuIlICaTRheTmX2vr0O5g5NRonlE105GrtyQmNejrM98nj1LLWd8iF6YrfxXypgZQlp64uJj-ScXHhmD5m8__JfiOldWHUXTD4NmvugRQnaLTFKv-s6l9mMWicSRW23yXQfXJfI3GG4q7Wx2iNHJ-cvbtxZrMiV336EYPfI0sBMicyUeE_-RNBRNyfndUGm53VhybdnMyf7ckSr9bngqBP_-_INcbXQhp86YTdvv8Iqokp3LgrrTtOUy7RjyVcbknNhTmrDBPn-lL0k4nO57W7kJs2z0-dePXmqnxlhrdTpDFTOyZGHH4HJOTn6w-eLr7H6wu9g2TXY7KBPqwnirA4lCZQ4wGlcwv6jjg_ysb2JjqmDuutI-yUGpsRAlaBqEzY_MnGZuXf8l08r-wyxqk9iZerTWBn1cTWnn_eHZeVuIwlEi3lee33ND9qJ8IOQs2S1HUZ8jXpBIODsXL5z_NDfAQAA__9xsVvswgQAAA== HTTP/1.1\r\nHost: villainindiscreetnewsletter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nCookie: pdhtkv=true; uncs=2; pdhtkv49=true; uncs49=2; u_pl28090609=1; nlece334b1dced9b7de054ba28a632e99804=[5941311]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:23 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\nvary: Origin\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: villainindiscreetnewsletter.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 5ef588df9d45627c499cfd293501be07\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":307,"timings":{"blocked":212,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"villainindiscreetnewsletter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/impr.gif?sid=H4sIAAAAAAAC_1STv28cRRTHZ-OIJgUQELQnoAAJn2d2Z3dvSREwIcgiJJETlAKaN7_swXs7y87ureMqEAmltJCQKNfvnFiAQSCQqJCiMxURSD4qF3HDnxApHRI6x5LhFe_HfKb4vtF3Pt9qDkmEDRxcfd9t2DyHhbhPe6_esIVyre9dvt5jtE_P9W7YIuHneuuzVI3eYBHv09d672q55hZCyihllPUu2kobt75wRNGWuxnrZ7TPwz6LOa5X_599E6CHANXokJxFq6ZP_20-RCsnWAx_uKD9Wu3K198ZNjnUrsKR2vmgWCtcW-DwpDVVgKbYOb6Nzk8J-eoUumLneAN0o-3ZBijslJx64SGKYudYJorR3SdKRY66QKHOYDuaoM730MIEpbuNVu0TRKnw8hUshvcuu6qFm08ozOiUnH78CG07JacfPo_F8PvF3K73rrm8qa0rPK6bDu36BO3KBMtmD-uNAG27h7L-DK36kyw8voTFcPuKzx1adfAKNxRYZsw800zMcy75PJhBNK_TFDIhEi1DOHoiayYIfg4bH2BjA2xMgE0Z4FAd9DgdcMkgSkymZEo5cK60oNkgpBQymWIjP0WrNlFWt7CsbuGa_WJKgjNn9xd-waq5j3714OckjhOTDEAJmg5kZjKlVBjGCcuUziLQeiBMIpSmWajiCPiA6TRkOtIxiCSRsWIyZSxJo5BnIc90JIVOVQwDMIZriGOd8STL0kioiHPNw9RAzFWYJDyhaRpGivOUUUhimQ5AKZVlGTNAgbLESFCJgDhMaKJYKJQRkCUa0KsAfU1wpDpsNcHWE2yBYGsJtjXBdtTdVbkPfXdP5b4R7LiGxzXqxq5e2YK7rl7RBUGoNrFS3bYtP_G3UdZz4w3j1djNEoi6G4NQ3VZ5SJ6deSHY7R7hmj7opTwWWWyMSrhgwOMoBqOAcZpyLrSW6G2H1p9C8AFu2Cm59vIhlnb_zX9QwB76fA-lfQmheRGhHafhAGEVM4obxU-rdV36EnytTQ5-tS_dEJXrsKxPY30z2MoPyXPj5euL94_MufxHjlo-IMeBsuqwrDr82P5GcCW_M152Ldledq0nP14pazu0GzAz7rUaav3UN-_pm62r1NIFv_n1W3IGZu3ude3rS1AoW6x48u2iVUpXF10lNfl1yd_Q4mrjVxebqmjKS1ffvrg0LCvtvXXFBMHu699R2il55svg6Ev2l75DWd5CX56o9I6gKAnmlmCuT85BdOj_M4uTfsvfwZUqQKhvYzHscFR1OMo7hHwTfTM3rsvqwfm_oqNAkQdjkVdkW-TVjNuDnol0KCkdpAmLBkaziCtp4gHPVAI0ijTWfmo_Oj_3bwAAAP__VEyhyzAFAAA=","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:23.563Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Dec 2025 00:50:13 GMT","end":"Sun, 29 Mar 2026 00:50:12 GMT"},"fingerprint":{"sha1":"B6:89:38:EE:EF:1E:F1:A0:93:51:BB:7A:F2:13:F5:DF:8C:9B:8F:F7","sha256":"74:22:2C:3F:1E:A6:04:C8:AD:7C:D8:B4:13:57:A5:95:EF:83:FA:28:18:BC:F3:BD:38:93:CB:DA:4B:30:3F:8A"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1STv28cRRTHZ-OIJgUQELQnoAAJn2d2Z3dvSREwIcgiJJETlAKaN7_swXs7y87ureMqEAmltJCQKNfvnFiAQSCQqJCiMxURSD4qF3HDnxApHRI6x5LhFe_HfKb4vtF3Pt9qDkmEDRxcfd9t2DyHhbhPe6_esIVyre9dvt5jtE_P9W7YIuHneuuzVI3eYBHv09d672q55hZCyihllPUu2kobt75wRNGWuxnrZ7TPwz6LOa5X_599E6CHANXokJxFq6ZP_20-RCsnWAx_uKD9Wu3K198ZNjnUrsKR2vmgWCtcW-DwpDVVgKbYOb6Nzk8J-eoUumLneAN0o-3ZBijslJx64SGKYudYJorR3SdKRY66QKHOYDuaoM730MIEpbuNVu0TRKnw8hUshvcuu6qFm08ozOiUnH78CG07JacfPo_F8PvF3K73rrm8qa0rPK6bDu36BO3KBMtmD-uNAG27h7L-DK36kyw8voTFcPuKzx1adfAKNxRYZsw800zMcy75PJhBNK_TFDIhEi1DOHoiayYIfg4bH2BjA2xMgE0Z4FAd9DgdcMkgSkymZEo5cK60oNkgpBQymWIjP0WrNlFWt7CsbuGa_WJKgjNn9xd-waq5j3714OckjhOTDEAJmg5kZjKlVBjGCcuUziLQeiBMIpSmWajiCPiA6TRkOtIxiCSRsWIyZSxJo5BnIc90JIVOVQwDMIZriGOd8STL0kioiHPNw9RAzFWYJDyhaRpGivOUUUhimQ5AKZVlGTNAgbLESFCJgDhMaKJYKJQRkCUa0KsAfU1wpDpsNcHWE2yBYGsJtjXBdtTdVbkPfXdP5b4R7LiGxzXqxq5e2YK7rl7RBUGoNrFS3bYtP_G3UdZz4w3j1djNEoi6G4NQ3VZ5SJ6deSHY7R7hmj7opTwWWWyMSrhgwOMoBqOAcZpyLrSW6G2H1p9C8AFu2Cm59vIhlnb_zX9QwB76fA-lfQmheRGhHafhAGEVM4obxU-rdV36EnytTQ5-tS_dEJXrsKxPY30z2MoPyXPj5euL94_MufxHjlo-IMeBsuqwrDr82P5GcCW_M152Ldledq0nP14pazu0GzAz7rUaav3UN-_pm62r1NIFv_n1W3IGZu3ude3rS1AoW6x48u2iVUpXF10lNfl1yd_Q4mrjVxebqmjKS1ffvrg0LCvtvXXFBMHu699R2il55svg6Ev2l75DWd5CX56o9I6gKAnmlmCuT85BdOj_M4uTfsvfwZUqQKhvYzHscFR1OMo7hHwTfTM3rsvqwfm_oqNAkQdjkVdkW-TVjNuDnol0KCkdpAmLBkaziCtp4gHPVAI0ijTWfmo_Oj_3bwAAAP__VEyhyzAFAAA= HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyODA5MDYxMSwiayI6Ijc0NWI5NWZmZDY0YjFhNDUzNWFmZGExNDA3NDRiZWVjIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1NDQ4NjcwLCJwaWQiOjE2NjM3LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjIzLCJwdCI6NCwicGsiOiJmdG5zdjJoN3oiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6MjY2NTYxMTE1LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTM2OTI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEzNC4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiY3QiOnsiaWQiOjMxNDMyNDQsIm4iOiJPc2xvIn0sInJnIjp7ImlkIjoxODQ0LCJuIjoiT3NsbyBDb3VudHkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJpd2YiOnRydWUsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYXN0ZWZsYXNoLnN4L1ZicUlMSkFpIiwidHoiOjEsImFyIjpbXX19.ugqHaap55OOKGbzB2oW4HSjSP-wzopTqImSVIJtoNgI; uid_id2=4f0a19ff-1e1b-44c4-af83-e77a9bb6ec2a:3:1; pdhtkv=true; uncs=1; pdhtkv23=true; uncs23=1; u_pl28090611=1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:23 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 3035b1efb0d79661261aee3579ff1c7b\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":98,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fjs%2Fscript.js\u0026l=8051\u0026fd=490","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:32.502Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Dec 2025 00:11:03 GMT","end":"Sun, 29 Mar 2026 00:11:02 GMT"},"fingerprint":{"sha1":"93:86:61:9F:2D:73:66:D5:37:73:1C:FE:70:C8:9F:23:B1:C8:8A:D6","sha256":"9D:5E:D7:81:B8:B1:D7:5F:1F:E3:92:85:57:6C:B5:66:34:D6:DE:4F:AA:6C:8B:E9:92:36:D1:CC:BF:CC:45:D3"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fjs%2Fscript.js\u0026l=8051\u0026fd=490 HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nCookie: uid_id2=4f0a19ff-1e1b-44c4-af83-e77a9bb6ec2a:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl28308530=1; slecda2934874d70693de1e2b10730abaed3=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:32 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":94,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":94,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"1xgsu731azaj.s4.adsco.re/","fqdn":"1xgsu731azaj.s4.adsco.re","domain":"adsco.re","tld":"re"},"ip":{"addr":"185.200.116.60","port":443,"asn":9009,"as":"M247 Europe SRL","country":"Singapore","country_code":"SG"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:21.763Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.s4.adsco.re","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 13 Nov 2025 09:14:21 GMT","end":"Wed, 11 Feb 2026 09:14:20 GMT"},"fingerprint":{"sha1":"7A:03:26:53:17:4A:DA:4B:6B:97:17:4A:3D:39:18:9E:5A:E0:99:3D","sha256":"BC:B6:01:45:97:52:31:7E:50:44:A4:6C:B3:E7:A3:3D:8E:5A:1E:32:79:2D:E0:BF:94:ED:5C:36:3A:0D:94:6E"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 1xgsu731azaj.s4.adsco.re\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pasteflash.sx\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 05 Jan 2026 22:45:22 GMT\r\ncontent-type: text/html\r\ncontent-length: 0\r\nlast-modified: Tue, 03 Oct 2023 13:29:59 GMT\r\netag: \"651c1757-0\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range\r\naccess-control-expose-headers: Content-Length,Content-Range\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":1083,"timings":{"blocked":-1,"dns":357,"connect":180,"send":0,"wait":180,"receive":0,"ssl":366},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"villainindiscreetnewsletter.com/ren.gif?sid=H4sIAAAAAAAC_4RTv48bRRseO9FX5CsQBFFbQAEI-Xa9a8dLisARgiJCEpKgFCFCszuz9uDxzjIz6_W5OjgpiqhOVEDD-rHvjsAJgaiByAcFioQUV1yRo-AviJDSIaH1WTqoeKV5fzzPFO_zzju3xtkB8ZDR_ctvqpGQkq40607tuesiYSo3tYvXaq5Td07Xrouk5Z-uDUunBy-5nl93nq-9zqOeWmk4ruO4jls7JzSP1XBlwUKku4FbD5y636i7TR9D_e_aZFUYWgUbHJAnINj8sT_iGxDRDEn_m7Pc9KxKX3ytn0lqlcaA7byd9BKVJ-gfpbGuIE52lrehzJyQT6pQyc5SAdRgWipAKOak-tQDhMnOsk2Eg63DTkMJniBk_0c-mIHLGQSdIVIbEOw-ASKGi5eQ9LcvKp3TtUOWluycHH_0J0Q-J8cfPImk__WqFMPaVSUzK1RiMIwLiOEMojNDms1gRxWIfA-R_RCC_UpWHl1A0p9eMlJBsGKhXsQzUFNBVh5RQRZXkKUV9Nl-zXfafuRSrxUHLDrl-NT3GQ-doN1wHBpEp5BFH0CwTUT61nbKurY3mFqd8WmWRGbsfnEI-cEC3C5BPxi7u9m7qWy0ncBpOcHY3X82kTzinueHLos4C8JTjDtNP6SNNm15DR4Ebce_c6MZ-K7nujeR6nX0xCZ0dhemW8CwKoydk8pb6xiwAjknyA1BTglyQZBbgnxQbDFpGqbYZtJkobuMjWX0iomynTHdUrbDEwKqN6FZMRXp-2YDkT02GcWGTVTpaGiLCQ1ZMU4PyOPls1R2i4fo8f3af6mAEQWEqS4mPhJzcvWZA6Ti_st_IaR7MHIPkXgaNHNB8wK0W2CUfNe1NjUpNZbHkppuPVJ9MFUgtcdh1ypjeUBOTq5cW727WJGbv_0IHt0jS0OkC6S6wHviJ4KOvD25onIyvaJyQ769lFrRFyNars9VSy3_35dv8LVcaXb-rNm880pUEmW6e40be4EmTCQdQ75aFYxxfU7piJPvz5vrPLycme5qppMsvXD51XPn-6nmxgiVzEDFnJx4-BEiMScnf_h88TWaL_yOKF2HSY_6NIogTKuQgkDyI5yGBcw_6vAoH5vb6OgqqN1A0i8w0AUGsgCVmzDZiYlN9b0zv3xa2mcIZXUSSl2dhlLLj8s5_Xw4LCP2a81G6LXa7RaPWyz2mNfwWNB0eODToOUHfhPWzMU7Z479HQAA__-N2csywgQAAA==","fqdn":"villainindiscreetnewsletter.com","domain":"villainindiscreetnewsletter.com","tld":"com"},"ip":{"addr":"172.240.127.242","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:23.402Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"villainindiscreetnewsletter.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:13:20 GMT","end":"Thu, 19 Mar 2026 08:13:19 GMT"},"fingerprint":{"sha1":"D5:23:91:2A:01:76:E9:21:D6:E1:A0:D0:D7:3C:60:84:45:1F:92:79","sha256":"B3:C9:9E:18:21:46:C6:95:3C:51:EF:26:D3:F2:52:23:93:17:07:3F:2A:7D:CA:59:E6:68:6A:72:9C:F2:0D:AB"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_4RTv48bRRseO9FX5CsQBFFbQAEI-Xa9a8dLisARgiJCEpKgFCFCszuz9uDxzjIz6_W5OjgpiqhOVEDD-rHvjsAJgaiByAcFioQUV1yRo-AviJDSIaH1WTqoeKV5fzzPFO_zzju3xtkB8ZDR_ctvqpGQkq40607tuesiYSo3tYvXaq5Td07Xrouk5Z-uDUunBy-5nl93nq-9zqOeWmk4ruO4jls7JzSP1XBlwUKku4FbD5y636i7TR9D_e_aZFUYWgUbHJAnINj8sT_iGxDRDEn_m7Pc9KxKX3ytn0lqlcaA7byd9BKVJ-gfpbGuIE52lrehzJyQT6pQyc5SAdRgWipAKOak-tQDhMnOsk2Eg63DTkMJniBk_0c-mIHLGQSdIVIbEOw-ASKGi5eQ9LcvKp3TtUOWluycHH_0J0Q-J8cfPImk__WqFMPaVSUzK1RiMIwLiOEMojNDms1gRxWIfA-R_RCC_UpWHl1A0p9eMlJBsGKhXsQzUFNBVh5RQRZXkKUV9Nl-zXfafuRSrxUHLDrl-NT3GQ-doN1wHBpEp5BFH0CwTUT61nbKurY3mFqd8WmWRGbsfnEI-cEC3C5BPxi7u9m7qWy0ncBpOcHY3X82kTzinueHLos4C8JTjDtNP6SNNm15DR4Ebce_c6MZ-K7nujeR6nX0xCZ0dhemW8CwKoydk8pb6xiwAjknyA1BTglyQZBbgnxQbDFpGqbYZtJkobuMjWX0iomynTHdUrbDEwKqN6FZMRXp-2YDkT02GcWGTVTpaGiLCQ1ZMU4PyOPls1R2i4fo8f3af6mAEQWEqS4mPhJzcvWZA6Ti_st_IaR7MHIPkXgaNHNB8wK0W2CUfNe1NjUpNZbHkppuPVJ9MFUgtcdh1ypjeUBOTq5cW727WJGbv_0IHt0jS0OkC6S6wHviJ4KOvD25onIyvaJyQ769lFrRFyNars9VSy3_35dv8LVcaXb-rNm880pUEmW6e40be4EmTCQdQ75aFYxxfU7piJPvz5vrPLycme5qppMsvXD51XPn-6nmxgiVzEDFnJx4-BEiMScnf_h88TWaL_yOKF2HSY_6NIogTKuQgkDyI5yGBcw_6vAoH5vb6OgqqN1A0i8w0AUGsgCVmzDZiYlN9b0zv3xa2mcIZXUSSl2dhlLLj8s5_Xw4LCP2a81G6LXa7RaPWyz2mNfwWNB0eODToOUHfhPWzMU7Z479HQAA__-N2csywgQAAA== HTTP/1.1\r\nHost: villainindiscreetnewsletter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nCookie: pdhtkv=true; uncs=2; pdhtkv49=true; uncs49=2; u_pl28090609=1; nlece334b1dced9b7de054ba28a632e99804=[5941311]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:23 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 0\r\nHost: villainindiscreetnewsletter.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 432e434fbbd7b48504a6da2ce2927379\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":226,"timings":{"blocked":132,"dns":0,"connect":0,"send":0,"wait":94,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"villainindiscreetnewsletter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.72","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:30.352Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 23:36:36 GMT","end":"Sat, 28 Mar 2026 23:36:35 GMT"},"fingerprint":{"sha1":"0E:EE:1D:ED:80:5A:CA:0C:1E:93:89:94:78:B7:34:91:38:D4:89:51","sha256":"CF:77:1B:FB:04:67:32:02:DF:D9:38:24:27:3D:A5:98:54:0C:4D:BA:C5:1B:62:FD:C1:E1:17:57:6F:63:B3:BF"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:30 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32181\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: db69825835a1e20a077648c27fef936e\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":85379,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-04-20T13:56:30.600351Z","times_seen":14443,"resource_available":true,"data":null}},"time_used":158,"timings":{"blocked":57,"dns":1,"connect":17,"send":0,"wait":23,"receive":20,"ssl":37},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/img/recaptcha.gif","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:31.867Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 25 Dec 2025 22:26:15 GMT","end":"Wed, 25 Mar 2026 23:23:44 GMT"},"fingerprint":{"sha1":"05:E7:A3:19:D2:55:91:F8:B7:45:48:72:0B:86:C7:0C:2C:CA:27:03","sha256":"14:76:91:36:84:B6:CF:C4:0A:BA:6F:14:80:F9:C7:77:48:3B:08:A3:C8:48:DC:0F:F6:CE:86:72:BB:CC:0B:06"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/img/recaptcha.gif HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 05 Jan 2026 22:45:31 GMT\r\ncontent-type: image/gif\r\ncontent-length: 65140\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:56:01 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68b97041-fe74\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 1698385\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=YmBzGoVnAzFxHKmIh74oGUb0kaqnE1bh3f6dN0JH2R7TbwT8SK5COjKuitcF6AjPOjNMVdXPK0ZLqO0pVoqUwjxmtSOAaQb741BqaUiNBWo%3D\"}]}\r\ncf-ray: 9b9681aa1dd44c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":65140,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 616 x 164","md5":"a83efb86bdb5d741f6103b69d6979035","sha1":"c944477b467f4aee49b4c86f3622a3519679667c","sha256":"e62a51a868623e3d04ac6c1bf28c3d34dd1e7008b9d62753963b2e2272971774","sha512":"9638afd8bfa476d24261a76a49c0e6df11c39db07cc357025f40660a3140499f234956a6971fce1ef0b61f74edba0f39e54a9a75e81adcbe423415f93dd23709","ssdeep":"1536:pcrveQZWvRPMwQUWJicq8ILNUcB4nReNsnrIfOPBVeD:Orve+WUJohC0fO5QD","tlshash":"4853ce1fc2181eeafc3bcbb6520b8d160a415b751c54c613e6b9f1c5382c5de2b15bae","first_seen":"2024-10-23T13:11:53.403324Z","last_seen":"2026-04-16T12:24:04.644638Z","times_seen":1730,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":6,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:31.868Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 25 Dec 2025 22:26:15 GMT","end":"Wed, 25 Mar 2026 23:23:44 GMT"},"fingerprint":{"sha1":"05:E7:A3:19:D2:55:91:F8:B7:45:48:72:0B:86:C7:0C:2C:CA:27:03","sha256":"14:76:91:36:84:B6:CF:C4:0A:BA:6F:14:80:F9:C7:77:48:3B:08:A3:C8:48:DC:0F:F6:CE:86:72:BB:CC:0B:06"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/js/jquery.min.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 05 Jan 2026 22:45:31 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:55:55 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TuY8DosJT%2BhUF2bWwDiPYoMdAjWjJhStwag9VPZgHg4Fr4qW7zgpxUoD8MThhpvaHs4zhhFwyXwljj0veBHt%2FmfpiFzr%2B2%2BbQHBZQX7G0vQ%3D\"}]}\r\nage: 1696634\r\ncf-cache-status: HIT\r\netag: W/\"68b9703b-149a0\"\r\ncontent-encoding: br\r\ncf-ray: 9b9681aa2de94c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":84384,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32025), with CRLF line terminators","md5":"6326c600df01e3bfb9b40e1aa08176f8","sha1":"6b4fb754d29b297b539bf62ba9b4eaf0f33f314a","sha256":"df34524351c5fabc921a89183b5da5667aebd7b9e9a1c52255c76ff722935ea3","sha512":"641aaeecb9b89bcc319cabfef18f76faa9b1ba79f9de30c6d07f22d385fc78ac3f11a718fe9ec96f8a13d82e3dff4ca34944ccb449a4ef8e378ad65dfad581c0","ssdeep":"1536:oP10iSi65U/dXXeyhzeBuG+HYE0mdDuJO1z6Oy4sh3J1x72BjmN7TwpDKba98Hri:f+41hJiz6fhdlTqya98Hri","tlshash":"eb83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","first_seen":"2023-03-07T01:10:11Z","last_seen":"2026-04-20T13:38:49.709004Z","times_seen":10900,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/1b/50/e5/1b50e57a5911fd0a5b46962ab48ca22b.js","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:22.694Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Dec 2025 00:50:13 GMT","end":"Sun, 29 Mar 2026 00:50:12 GMT"},"fingerprint":{"sha1":"B6:89:38:EE:EF:1E:F1:A0:93:51:BB:7A:F2:13:F5:DF:8C:9B:8F:F7","sha256":"74:22:2C:3F:1E:A6:04:C8:AD:7C:D8:B4:13:57:A5:95:EF:83:FA:28:18:BC:F3:BD:38:93:CB:DA:4B:30:3F:8A"}}},"request":{"raw":"GET /1b/50/e5/1b50e57a5911fd0a5b46962ab48ca22b.js HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:23 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3403\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 095859ac8cd086f05094b744f1370526\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":6454,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6454), with no line terminators","md5":"81c010ddfde2faeaf1c598844287df5a","sha1":"cd0fb06af4d1e8878a8c2c8d0311892ef13ff47b","sha256":"44442357bcab05b20364ed17aae2a3ae173b906529612b0e2f7d2217a76e51ab","sha512":"0acadda1dc3bba9f6178ba54356f2aed3dba23fbaf3b53b683fc5dd78eeff47a63ec7815ffbdb1e07041b274646eaa0a71ada2500f181775833f40761fc7cac8","ssdeep":"96:A9+XCx+8Ixmzn2ySej3zqIDNcxE6204l4sNm+E/0NK4Amfnqkk7lDAP2CwU6:A6Cg/S2yPXXWxW04fNPw6K4Amf4DAPA","tlshash":"13d1859c3e80b0a057b26077b97fa019b3696c50657fd80cd012b1a03e7562ad9bbba5","first_seen":"2025-12-01T12:09:20.892186Z","last_seen":"2026-01-29T12:50:40.978548Z","times_seen":4063,"resource_available":true,"data":null}},"time_used":693,"timings":{"blocked":299,"dns":14,"connect":93,"send":0,"wait":96,"receive":0,"ssl":189},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"35.156.32.205","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:22.716Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"traffinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"11:9F:BE:35:27:7B:7B:85:C9:B3:FF:0E:CA:F6:0D:13:B0:A9:A0:BB","sha256":"81:A4:38:32:0D:BC:66:C8:7B:6D:08:BC:93:91:76:73:A2:BD:D0:53:3C:BF:2F:FD:B8:87:00:C6:EC:3B:6C:77"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pasteflash.sx\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 05 Jan 2026 22:45:22 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://pasteflash.sx\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=77ed0952-0ef4-414e-a859-dcdec8d403bd:1:1; expires=Thu, 03 Jan 2036 22:45:22 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"53b4951b6b9c54e0e43c9ee60eca1115","sha1":"05781a6f979ef6eb3ab5ef3b6217e92899df4621","sha256":"f873a83e2fe7e9d5c637a3fc447394bab009920b68e210a569c55d059768adb9","sha512":"208035bf1a8c01d3ea6fb2a8b8c8e39199b75149897a67056366551eca363a3ad46cd058b9f68ebca58bb5b5da6529d1ab9cbb037a648f8dfa762fadf77559b8","ssdeep":"","tlshash":"4b900434314d01304dc15d37740555115175cdf47115400003304151c43703d0411030","first_seen":"2026-01-05T22:45:51.455634Z","last_seen":"2026-01-05T22:45:51.455634Z","times_seen":1,"resource_available":false,"data":null}},"time_used":537,"timings":{"blocked":257,"dns":15,"connect":21,"send":0,"wait":21,"receive":0,"ssl":218},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"villainindiscreetnewsletter.com/53/23/86/5323869a8beda1d7db01e9c875b2f49f.js","fqdn":"villainindiscreetnewsletter.com","domain":"villainindiscreetnewsletter.com","tld":"com"},"ip":{"addr":"172.240.127.242","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:22.719Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"villainindiscreetnewsletter.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:13:20 GMT","end":"Thu, 19 Mar 2026 08:13:19 GMT"},"fingerprint":{"sha1":"D5:23:91:2A:01:76:E9:21:D6:E1:A0:D0:D7:3C:60:84:45:1F:92:79","sha256":"B3:C9:9E:18:21:46:C6:95:3C:51:EF:26:D3:F2:52:23:93:17:07:3F:2A:7D:CA:59:E6:68:6A:72:9C:F2:0D:AB"}}},"request":{"raw":"GET /53/23/86/5323869a8beda1d7db01e9c875b2f49f.js HTTP/1.1\r\nHost: villainindiscreetnewsletter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:23 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3403\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: villainindiscreetnewsletter.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 57dda02658206091f5e8e13ca290cc26\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":6454,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6454), with no line terminators","md5":"81c010ddfde2faeaf1c598844287df5a","sha1":"cd0fb06af4d1e8878a8c2c8d0311892ef13ff47b","sha256":"44442357bcab05b20364ed17aae2a3ae173b906529612b0e2f7d2217a76e51ab","sha512":"0acadda1dc3bba9f6178ba54356f2aed3dba23fbaf3b53b683fc5dd78eeff47a63ec7815ffbdb1e07041b274646eaa0a71ada2500f181775833f40761fc7cac8","ssdeep":"96:A9+XCx+8Ixmzn2ySej3zqIDNcxE6204l4sNm+E/0NK4Amfnqkk7lDAP2CwU6:A6Cg/S2yPXXWxW04fNPw6K4Amf4DAPA","tlshash":"13d1859c3e80b0a057b26077b97fa019b3696c50657fd80cd012b1a03e7562ad9bbba5","first_seen":"2025-12-01T12:09:20.892186Z","last_seen":"2026-01-29T12:50:40.978548Z","times_seen":4063,"resource_available":true,"data":null}},"time_used":689,"timings":{"blocked":294,"dns":15,"connect":92,"send":0,"wait":97,"receive":1,"ssl":188},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"villainindiscreetnewsletter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/98/cf/e7/98cfe7688276f1513feb6852014bbd27/1756662145.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:23.314Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/98/cf/e7/98cfe7688276f1513feb6852014bbd27/1756662145.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 05 Jan 2026 22:45:23 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 75865\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 31 Aug 2025 17:42:25 GMT\r\netag: \"68b48981-12859\"\r\nexpires: Wed, 07 Jan 2026 22:45:23 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":75865,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:30 15:50:24], progressive, precision 8, 320x240, components 3","md5":"690ac1a706457911a7cce051678a1aa1","sha1":"4883b6be15aedcb4f227ff96f470f06fce68ec23","sha256":"26425b8fffaa9a2084accf391313c0e8739affab7321037b0a159a434691cc10","sha512":"a085e66651c6c4caa18b0812d692137e6275d3e75eb6067931e984230a82a25a34fac0187a291c193f8f1e0e7a300c5610377500bcdc64c003ea791725641920","ssdeep":"1536:T9BsHbdwiQ9BsHbdwi2CKarAz12ABWNAYUuy1NOqKhE0fX19xQST:JydaydbKX8A0AYUu2wqgE0P1s8","tlshash":"0573020a9702ac21fed191770ae2e7b3b562e77d9753744afd9c2c153b60199884a3c2","first_seen":"2025-09-02T18:13:44.363283Z","last_seen":"2026-04-19T20:30:35.557354Z","times_seen":1342,"resource_available":false,"data":null}},"time_used":87,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":53,"receive":34,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"acceptableredheadcaviar.com/da/29/34/da2934874d70693de1e2b10730abaed3.js","fqdn":"acceptableredheadcaviar.com","domain":"acceptableredheadcaviar.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:30.228Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"acceptableredheadcaviar.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 08 Nov 2025 20:35:16 GMT","end":"Fri, 06 Feb 2026 20:35:15 GMT"},"fingerprint":{"sha1":"AC:97:AD:F5:16:D4:4B:35:A3:E8:AC:B3:B8:A7:9E:FF:D6:55:0A:44","sha256":"9A:49:A6:9E:64:B9:B4:85:9B:F9:24:85:9B:74:38:52:E2:0B:B2:2E:D7:95:D2:C7:3F:F6:64:59:1F:17:65:CA"}}},"request":{"raw":"GET /da/29/34/da2934874d70693de1e2b10730abaed3.js HTTP/1.1\r\nHost: acceptableredheadcaviar.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:30 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 30143\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: acceptableredheadcaviar.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 415bb95bd51ae6a40833b8d519a17e50\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":78767,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"f4292648827930002bef8d611f062295","sha1":"cf6498c9e2278193a0c322c4b5cdcbb0c353db8d","sha256":"6a567c5a5f58ce99cf62967d17828be7ad9d2a2c6fb08ff907b42f1ae0d7ba68","sha512":"8c89389d8466af4afc727acf51b416af78e2b62f3321946bacbd408ed604316c2f53320a09a172324a30d6998bce713c4a830d26e8942585acec9748cf83c334","ssdeep":"1536:H9yUBg8XFOUGaAVTesz3WArOwlNyBv77NzxpQ2jFFwTOjIr:H3B91clpUhxpJwEIr","tlshash":"e77309487f82b15b5352a073627fd047f0256f1261ecd498d123e6a86f6c33af636b98","first_seen":"2026-01-05T22:45:51.457224Z","last_seen":"2026-01-28T05:11:51.059386Z","times_seen":10,"resource_available":true,"data":null}},"time_used":99,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":97,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"acceptableredheadcaviar.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"acceptableredheadcaviar.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"acceptableredheadcaviar.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"acceptableredheadcaviar.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"villainindiscreetnewsletter.com/ren.gif?sid=H4sIAAAAAAAC_1RTz4scRRSu2QQP8SAa8TyoBxV3tn_N7LQ5RNcYCcYkJJEcVKR-9W65PV1tVfX0ZE7GoARPiyf1Ys83k92oiyieo2HiRQJC5uQeshf_giDkJkjPDqw-qPejvu_w3levPhsV-yREQfcuvK2HKk3pSrvlNV-4ojKhS9s8d7npey3vRPOKyjrRieagdqb_ih9GLe_F5puSb-qVwPM9z_f85mllZKIHK3MUKt-N_VbstaKg5bcjDMz_a1scgaVHIPr75CkoMXvir-RdKD5F1vvxlLSbTucvv9ErUuq0QV_svJNtZrrM0DtME9NAku0s2NB2RsiXS9DZzmIC6P6kngBMzcjSMw_Asp1Fm2D9mwedshQyAxOPo-xPIdMpFJ2C6-tQ4j4BuMC588h62-e0KenVA5TW6IwcffQ3VDkjRx88jaz3w1qqBs1LOi2c0pnFIKmgBlOo9SnyYgo3bECVd8HdJ1DiD7Ly6Cyy3uS8TTWU2Ht-dVUKL24Hy55MouXIj-Qy7bbjZcGF5F0ReSETc4lUMgW1DRT1UQ0USQNF3kBP7DUjrxtxn4adJBZ81YtoFAnJvLgbeB6N-SoKfg1KbIGbT2_lYsNt9qN44kwht4uM2ygeBbvFB3kadL3Y63jxyN8-YM05k5ozCpCba7dEuCpDxqMRw6baginuwG5UsKIB6wj6okIpCUpLUFKCUhGUjqDsVzdFagNbbYvUFsxfxGARw2qs3fqI3tRuXWYE1GzBiGqi8o_sdXB3ZDxMrBjr2lHmqjFlohrl--TJ-kkau9VDbMq9pgzDiPmCSxGzVSG9dsRo0KWdMJBx3PUiWFVB2aW5kEM1I5ee20eu7r_6Dxi9C5veBVfPghY-aFmBblQYZj9vOJfbnFonk5TajRbXPQhdIXdH4a42Ruk-OT6-eHntznw93v_zNiS_RxYGbirkpsKH6jeC9fTG-KIuyeSiLi356XzuVE8Nab06lxx18rHv3pJXS23EmVN269vXeA3U6e5lad1ZmgmVrVvy_ZoSQprT2nBJbp-xVyS7UNiNtcJkRX72wuunz_RyI61VOpuCqhk59vBzcDUjx3_5Zv4t2i89AM8_hs0P-7SagOUNpIoglYf3lFWw_6nZYT6yN7BulkDddWS9Cn1ToZ9WoOkWbHFs7HJz7-TvX9X2NVi6NGapWZqw1KRfzHWq3a-waq_ZDljY6XY7MumIJBRhEIq47ck4onEniqM2nJ2p904e-zcAAP__qyyLUL4EAAA=","fqdn":"villainindiscreetnewsletter.com","domain":"villainindiscreetnewsletter.com","tld":"com"},"ip":{"addr":"172.240.127.242","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:30.917Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"villainindiscreetnewsletter.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:13:20 GMT","end":"Thu, 19 Mar 2026 08:13:19 GMT"},"fingerprint":{"sha1":"D5:23:91:2A:01:76:E9:21:D6:E1:A0:D0:D7:3C:60:84:45:1F:92:79","sha256":"B3:C9:9E:18:21:46:C6:95:3C:51:EF:26:D3:F2:52:23:93:17:07:3F:2A:7D:CA:59:E6:68:6A:72:9C:F2:0D:AB"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RTz4scRRSu2QQP8SAa8TyoBxV3tn_N7LQ5RNcYCcYkJJEcVKR-9W65PV1tVfX0ZE7GoARPiyf1Ys83k92oiyieo2HiRQJC5uQeshf_giDkJkjPDqw-qPejvu_w3levPhsV-yREQfcuvK2HKk3pSrvlNV-4ojKhS9s8d7npey3vRPOKyjrRieagdqb_ih9GLe_F5puSb-qVwPM9z_f85mllZKIHK3MUKt-N_VbstaKg5bcjDMz_a1scgaVHIPr75CkoMXvir-RdKD5F1vvxlLSbTucvv9ErUuq0QV_svJNtZrrM0DtME9NAku0s2NB2RsiXS9DZzmIC6P6kngBMzcjSMw_Asp1Fm2D9mwedshQyAxOPo-xPIdMpFJ2C6-tQ4j4BuMC588h62-e0KenVA5TW6IwcffQ3VDkjRx88jaz3w1qqBs1LOi2c0pnFIKmgBlOo9SnyYgo3bECVd8HdJ1DiD7Ly6Cyy3uS8TTWU2Ht-dVUKL24Hy55MouXIj-Qy7bbjZcGF5F0ReSETc4lUMgW1DRT1UQ0USQNF3kBP7DUjrxtxn4adJBZ81YtoFAnJvLgbeB6N-SoKfg1KbIGbT2_lYsNt9qN44kwht4uM2ygeBbvFB3kadL3Y63jxyN8-YM05k5ozCpCba7dEuCpDxqMRw6baginuwG5UsKIB6wj6okIpCUpLUFKCUhGUjqDsVzdFagNbbYvUFsxfxGARw2qs3fqI3tRuXWYE1GzBiGqi8o_sdXB3ZDxMrBjr2lHmqjFlohrl--TJ-kkau9VDbMq9pgzDiPmCSxGzVSG9dsRo0KWdMJBx3PUiWFVB2aW5kEM1I5ee20eu7r_6Dxi9C5veBVfPghY-aFmBblQYZj9vOJfbnFonk5TajRbXPQhdIXdH4a42Ruk-OT6-eHntznw93v_zNiS_RxYGbirkpsKH6jeC9fTG-KIuyeSiLi356XzuVE8Nab06lxx18rHv3pJXS23EmVN269vXeA3U6e5lad1ZmgmVrVvy_ZoSQprT2nBJbp-xVyS7UNiNtcJkRX72wuunz_RyI61VOpuCqhk59vBzcDUjx3_5Zv4t2i89AM8_hs0P-7SagOUNpIoglYf3lFWw_6nZYT6yN7BulkDddWS9Cn1ToZ9WoOkWbHFs7HJz7-TvX9X2NVi6NGapWZqw1KRfzHWq3a-waq_ZDljY6XY7MumIJBRhEIq47ck4onEniqM2nJ2p904e-zcAAP__qyyLUL4EAAA= HTTP/1.1\r\nHost: villainindiscreetnewsletter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nCookie: pdhtkv=true; uncs=3; pdhtkv49=true; uncs49=3; u_pl28090609=1; iprc_l+502970cc2f9f744e7acbde213f0828a6=5941311; iprc_l:5941311=1; uid_id2=77ed0952-0ef4-414e-a859-dcdec8d403bd:1:1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:30 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\nvary: Origin\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: villainindiscreetnewsletter.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: a7abe60e791b546c8138f37aa38db11d\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"villainindiscreetnewsletter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/59/8c/2f/598c2f373d6812e269996af23a7f78f1/1756661784.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:23.245Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/59/8c/2f/598c2f373d6812e269996af23a7f78f1/1756661784.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 05 Jan 2026 22:45:23 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 69386\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 31 Aug 2025 17:36:25 GMT\r\netag: \"68b48819-10f0a\"\r\nexpires: Wed, 07 Jan 2026 22:45:23 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":69386,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:30 15:08:08], progressive, precision 8, 320x240, components 3","md5":"5f7d286b0003d4c7114958bcfe2f5ddf","sha1":"49b578a264b391002192798301ff8130b3108bf8","sha256":"7f80c6088ea177b9fbfb0fd5e735477bd378811eb55f182c289cc9cb89241bb8","sha512":"91e7dc2ad002a97a2f968877a5b5b5b78eca1dc130e71670d8ca459c7a79fa0f9d4bc497d21ba8863548aec29aac61191c7bd1ae6e688e2e34ff5a0ffca6c653","ssdeep":"1536:PiE1WE1irjUPrAimkKnW0ChT00A9ctznHDqDd0:P1j1EHimTnwhTAUHDMd0","tlshash":"fe6301269b919c33e0f84d74ed54dfa37712bca8e7c34a017d6d3a16a760289ec4819f","first_seen":"2025-09-02T18:13:44.375856Z","last_seen":"2026-04-20T09:46:39.655608Z","times_seen":1322,"resource_available":false,"data":null}},"time_used":173,"timings":{"blocked":50,"dns":0,"connect":19,"send":0,"wait":19,"receive":46,"ssl":36},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"acceptableredheadcaviar.com/e334b1dced9b7de054ba28a632e99804/invoke.js","fqdn":"acceptableredheadcaviar.com","domain":"acceptableredheadcaviar.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:21.289Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"acceptableredheadcaviar.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 08 Nov 2025 20:35:16 GMT","end":"Fri, 06 Feb 2026 20:35:15 GMT"},"fingerprint":{"sha1":"AC:97:AD:F5:16:D4:4B:35:A3:E8:AC:B3:B8:A7:9E:FF:D6:55:0A:44","sha256":"9A:49:A6:9E:64:B9:B4:85:9B:F9:24:85:9B:74:38:52:E2:0B:B2:2E:D7:95:D2:C7:3F:F6:64:59:1F:17:65:CA"}}},"request":{"raw":"GET /e334b1dced9b7de054ba28a632e99804/invoke.js HTTP/1.1\r\nHost: acceptableredheadcaviar.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:21 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 15866\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 3\r\nHost: acceptableredheadcaviar.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 6d788c75a79b274027cc681f35925fc2\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":43770,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (43768), with no line terminators","md5":"0dd1f87d80fe1151faa7385b6f19d484","sha1":"4753e86234118c178e732a623287a166070d3531","sha256":"ace99e88f256b2314be440144ac33883ae7524c55bfdb1d7a0a8c24915af2c1f","sha512":"6a8fe48612c37c40518440446a63bd9c6ea53466815a79c94fc0d9e9af744ddb3f32b1c605dd53bb0f9f3745550b9a3b3ddee9db44453abcff6190795c3a52da","ssdeep":"768:pL+PQPpOgRDGmXN43uQxjCoMSZR/IuVpPtyw4cLeJEOlhP36jIb3EX:pbRDR6fCoM4R/Zyw4/6jIS","tlshash":"d513d79a7f91b5ac0376b47b043f922ff6399d0260c8c9acd103e8952f9ca4dc539b59","first_seen":"2026-01-05T22:45:51.458585Z","last_seen":"2026-01-05T22:45:51.458585Z","times_seen":1,"resource_available":true,"data":null}},"time_used":797,"timings":{"blocked":281,"dns":39,"connect":95,"send":0,"wait":100,"receive":93,"ssl":187},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"acceptableredheadcaviar.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"acceptableredheadcaviar.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"acceptableredheadcaviar.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"acceptableredheadcaviar.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"4.adsco.re/","fqdn":"4.adsco.re","domain":"adsco.re","tld":"re"},"ip":{"addr":"162.252.214.5","port":443,"asn":53334,"as":"TUT-AS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:21.752Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_RSA_WITH_AES_256_CBC_SHA","key_group_name":"none","signature_name":"none","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.adsco.re","organization":"Adscore Technologies DMCC"},"issuer":{"commonName":"Sectigo Public Server Authentication CA OV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 15 Sep 2025 00:00:00 GMT","end":"Thu, 01 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EC:13:B4:EC:A8:B2:CD:2E:12:E1:84:0E:E5:64:5D:88:D5:CA:3A:59","sha256":"C9:35:54:5E:EF:18:4E:21:62:7D:1D:23:55:D2:B9:CC:68:48:01:7B:AC:A5:8B:D9:3D:71:85:DC:07:17:02:2F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 4.adsco.re\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pasteflash.sx\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 05 Jan 2026 22:45:21 GMT\r\nContent-Type: text/plain;charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Methods: GET, HEAD, OPTIONS\r\nAccess-Control-Allow-Headers: Content-Type\r\nAccess-Control-Allow-Origin: https://pasteflash.sx\r\nAccess-Control-Expose-Headers: *\r\nAccess-Control-Max-Age: 2592000\r\nCache-Control: private, max-age=300, immutable, stale-if-error=300, stale-while-revalidate=300\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":45,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"5b41cb22f84f645a103acc7bfbf084ff","sha1":"bac3967b26d5ec4a0d09a580714e8219796816bd","sha256":"709f0a0dfab9f9e074f4a4a348dcb09150838284d21e75cfb9e5ceaeeb2054bc","sha512":"772066ed1119519a19884fc94de2c9f2cc538b4528d9e2651a89b93d65bd4000b18297bfbdd8903b65146858935d33cac048c321dad2ea4f1f84ca6dd9b7d98f","ssdeep":"","tlshash":"7990041154441d34dc45470c4f0d0f0553dc5153df377374ddc50f0414531344141d00","first_seen":"2023-04-05T06:05:36Z","last_seen":"2026-03-30T19:07:46.969854Z","times_seen":25700,"resource_available":true,"data":null}},"time_used":186,"timings":{"blocked":77,"dns":1,"connect":25,"send":0,"wait":27,"receive":0,"ssl":54},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/f0/fb/23/f0fb231c3868f7f970a30d973f7bfa93/1756662127.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:23.403Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/f0/fb/23/f0fb231c3868f7f970a30d973f7bfa93/1756662127.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 05 Jan 2026 22:45:23 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 81446\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 31 Aug 2025 17:42:07 GMT\r\netag: \"68b4896f-13e26\"\r\nexpires: Wed, 07 Jan 2026 22:45:23 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":81446,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:30 15:39:09], progressive, precision 8, 320x240, components 3","md5":"5cc1ea1ae22514d2a4e634a3fc00fc38","sha1":"17a827b9ae082506fe9d086fd2d006d0593ae5e8","sha256":"2a7d63fc873f793b91adea7c866b01e00bb59f075fc29953fd108f52fb5ede09","sha512":"9b57eb1e4bf4668182319d2f0bfa356c766de2afe94f188dc84054140014267d1f1ad0cf81b91421d88cdba16a9ad51b8acc87b9540c93c523bd66dd444304b5","ssdeep":"1536:LNkk6f2Nkk6fvhbg2DyMgTuF+faDypx3cvkYWMwjYz8+HjFOn:LZk2ZkJb+XTuF80sYWnYz8MjFQ","tlshash":"c183e125b3d1efb2e5d8973498a3c719f6219e45673760913e8db5a03fe2361da8c023","first_seen":"2025-09-02T19:18:23.934309Z","last_seen":"2026-04-20T09:46:39.671072Z","times_seen":1395,"resource_available":false,"data":null}},"time_used":25,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":6,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"villainindiscreetnewsletter.com/ren.gif?sid=H4sIAAAAAAAC_1RTzYscxRuumYTfIb-DaMTzoB5U3Nn-mtlpc4iuMRKMSUgiOahIffVuuT1dbVX19GZOxqAET4sn9WLPM5PdqIsonqNh4kUCQubkHrIe_AuCkJsgPTuw-kK9H89Th_d96q1PRsU-CVHQvQtv6qFKU7rcaXut566oTOjSts5dbvle2zvRuqKybnSitVk7M3jJD6O293zrdck39HLg-Z7ne37rtDIy0ZvLcxYq3439duy1o6DtdyJsmv_WtjgCS49ADPbJE1Bi9tifydtQfIqs__0paTeczl98rV-k1GmDgdh5K9vIdJmhf5gmpoEk21nchrYzQj5vQmc7iwmgB5N6AjA1I82nHoBlO4s2wQY3DzplKWQGJv6PcjCFTKdQdAqur0OJ-wTgAufOI-tvn9OmpFcPWFqzM3L00V9Q5YwcffAksv53q6nabF3SaeGUziw2kwpqcwq1NkVeTOGGDajyLrj7CEr8RpYfnUXWn5y3qYYSe8-urEjhxZ1gyZNJtBT5kVyivU68JLiQvCciL2RiLpFKpqC2gaI-qoEiaaDIG-iLvVbk9SLu07CbxIKveBGNIiGZF_cCz6MxX0HBr0GJLXDz8XYu1t3GYOJMISdFxu0ouHUARfEc3K7BKB4Fu8V7eRr0vNjrevHIR26u3RLhigwZj0YMG2oLprgDu17BigasIxiICqUkKC1BSQlKRVA6gnJQ3RSpDWy1LVJbMH8Rg0UMq7F2ayN6U7s1mRFQswUjqonKP7DXwd2R8TCxYqxrR5mrxpSJapTvk8frJ2nsVg-xIfdaMgwj5gsuRcxWhPQ6EaNBj3bDQMZxz4tgVQVlm3Mhh2pGLj2zj1zdf_lvMHoXNr0Lrp4GLXzQsgJdrzDMflx3Lrc5tU4mKbXrba77ELpC7o7CXW2M0n1yfHzx8uqd-Xq8-_vPkPweWRi4qZCbCu-rXwjW0hvji7okk4u6tOSH87lTfTWk9epcctTJ_33zhrxaaiPOnLJbX7_Ca6JOdy9L687STKhszZJvV5UQ0pzWhkty-4y9ItmFwq6vFiYr8rMXXj19pp8baa3S2RRUzcixh5-Cqxk5_tNX82_ReeEP8PxD2PywT6sJWN5EqghSeYhTVsH-q2aH-cjewJppgrrryPoVBqbCIK1A0y3Y4tjY5ebeyV-_qO1LsLQ5ZqlpTlhq0s9qnW4fiGXVXqsTsLDb63Vl0hVJKMIgFHHHk3FE424URx04O1PvnDz2TwAAAP__qX1eNr4EAAA=","fqdn":"villainindiscreetnewsletter.com","domain":"villainindiscreetnewsletter.com","tld":"com"},"ip":{"addr":"172.240.127.242","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:30.921Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"villainindiscreetnewsletter.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:13:20 GMT","end":"Thu, 19 Mar 2026 08:13:19 GMT"},"fingerprint":{"sha1":"D5:23:91:2A:01:76:E9:21:D6:E1:A0:D0:D7:3C:60:84:45:1F:92:79","sha256":"B3:C9:9E:18:21:46:C6:95:3C:51:EF:26:D3:F2:52:23:93:17:07:3F:2A:7D:CA:59:E6:68:6A:72:9C:F2:0D:AB"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RTzYscxRuumYTfIb-DaMTzoB5U3Nn-mtlpc4iuMRKMSUgiOahIffVuuT1dbVX19GZOxqAET4sn9WLPM5PdqIsonqNh4kUCQubkHrIe_AuCkJsgPTuw-kK9H89Th_d96q1PRsU-CVHQvQtv6qFKU7rcaXut566oTOjSts5dbvle2zvRuqKybnSitVk7M3jJD6O293zrdck39HLg-Z7ne37rtDIy0ZvLcxYq3439duy1o6DtdyJsmv_WtjgCS49ADPbJE1Bi9tifydtQfIqs__0paTeczl98rV-k1GmDgdh5K9vIdJmhf5gmpoEk21nchrYzQj5vQmc7iwmgB5N6AjA1I82nHoBlO4s2wQY3DzplKWQGJv6PcjCFTKdQdAqur0OJ-wTgAufOI-tvn9OmpFcPWFqzM3L00V9Q5YwcffAksv53q6nabF3SaeGUziw2kwpqcwq1NkVeTOGGDajyLrj7CEr8RpYfnUXWn5y3qYYSe8-urEjhxZ1gyZNJtBT5kVyivU68JLiQvCciL2RiLpFKpqC2gaI-qoEiaaDIG-iLvVbk9SLu07CbxIKveBGNIiGZF_cCz6MxX0HBr0GJLXDz8XYu1t3GYOJMISdFxu0ouHUARfEc3K7BKB4Fu8V7eRr0vNjrevHIR26u3RLhigwZj0YMG2oLprgDu17BigasIxiICqUkKC1BSQlKRVA6gnJQ3RSpDWy1LVJbMH8Rg0UMq7F2ayN6U7s1mRFQswUjqonKP7DXwd2R8TCxYqxrR5mrxpSJapTvk8frJ2nsVg-xIfdaMgwj5gsuRcxWhPQ6EaNBj3bDQMZxz4tgVQVlm3Mhh2pGLj2zj1zdf_lvMHoXNr0Lrp4GLXzQsgJdrzDMflx3Lrc5tU4mKbXrba77ELpC7o7CXW2M0n1yfHzx8uqd-Xq8-_vPkPweWRi4qZCbCu-rXwjW0hvji7okk4u6tOSH87lTfTWk9epcctTJ_33zhrxaaiPOnLJbX7_Ca6JOdy9L687STKhszZJvV5UQ0pzWhkty-4y9ItmFwq6vFiYr8rMXXj19pp8baa3S2RRUzcixh5-Cqxk5_tNX82_ReeEP8PxD2PywT6sJWN5EqghSeYhTVsH-q2aH-cjewJppgrrryPoVBqbCIK1A0y3Y4tjY5ebeyV-_qO1LsLQ5ZqlpTlhq0s9qnW4fiGXVXqsTsLDb63Vl0hVJKMIgFHHHk3FE424URx04O1PvnDz2TwAAAP__qX1eNr4EAAA= HTTP/1.1\r\nHost: villainindiscreetnewsletter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nCookie: pdhtkv=true; uncs=3; pdhtkv49=true; uncs49=3; u_pl28090609=1; iprc_l+502970cc2f9f744e7acbde213f0828a6=5941311; iprc_l:5941311=1; uid_id2=77ed0952-0ef4-414e-a859-dcdec8d403bd:1:1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:30 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: villainindiscreetnewsletter.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: ec7b7bb092ed17467a2e23b6a6a53093\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":100,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":100,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"villainindiscreetnewsletter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fcss%2Fstyle.css\u0026l=6387\u0026fd=503","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:32.250Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Dec 2025 00:11:03 GMT","end":"Sun, 29 Mar 2026 00:11:02 GMT"},"fingerprint":{"sha1":"93:86:61:9F:2D:73:66:D5:37:73:1C:FE:70:C8:9F:23:B1:C8:8A:D6","sha256":"9D:5E:D7:81:B8:B1:D7:5F:1F:E3:92:85:57:6C:B5:66:34:D6:DE:4F:AA:6C:8B:E9:92:36:D1:CC:BF:CC:45:D3"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fcss%2Fstyle.css\u0026l=6387\u0026fd=503 HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nCookie: uid_id2=4f0a19ff-1e1b-44c4-af83-e77a9bb6ec2a:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl28308530=1; slecda2934874d70693de1e2b10730abaed3=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:32 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":94,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":94,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cx.dornrusky.com/th859PM6tTb/133986","fqdn":"cx.dornrusky.com","domain":"dornrusky.com","tld":"com"},"ip":{"addr":"172.241.53.29","port":443,"asn":7979,"as":"SERVERS-COM","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:21.108Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cx.dornrusky.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 22:20:55 GMT","end":"Sat, 28 Mar 2026 22:20:54 GMT"},"fingerprint":{"sha1":"A6:6C:4A:A3:F1:66:ED:01:E3:2E:99:0A:C6:88:C0:C5:F8:A6:7F:5D","sha256":"01:BA:67:CC:8F:9B:F0:DE:60:7F:B8:EB:CE:1C:03:C8:0C:56:7B:DE:E1:30:88:8A:57:C5:AC:AA:53:D2:2A:D6"}}},"request":{"raw":"GET /th859PM6tTb/133986 HTTP/1.1\r\nHost: cx.dornrusky.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Mon, 05 Jan 2026 22:45:21 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\naccept-ch: sec-ch-ua-platform-version,sec-ch-ua-model,sec-ch-ua-full-version,sec-ch-ua-full-version-list\r\naccess-control-allow-credentials: true\r\naccess-control-allow-origin: https://pasteflash.sx\r\naccess-control-allow-headers: content-type, gyfr29qt4j80vdr0zhsj, x-forwarded-for, x-requested-with, cache-control, pragma, expires\r\naccess-control-max-age: 600\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\nx-frame-options: SAMEORIGIN\r\nset-cookie: GL_UI4=eJw9jc1OhDAcB%2FkGddnkl%2FAA%2BwgtUtKrF1%2FBI2npn7UKdFMqq28v8eBtDjOZKIqSpka8FyekX0rgwrnsZSdaybpRqlZr2feCaSEZb8U0CTzYbQhKzxQyVNuifBjCniHXXq2mRr44Q3ONUnt338g3KbJVLYTy1Xqa3PdhqA%2FnkfLn7mC7HhwzJG5r0nOF8s2u5ijPj0g4O5%2BKCE%2B3WYXJ%2BWWwpoiRX70yhPgF1agCXZ3%2FQWlo%2BwzuBrjZDP%2F%2B3zi9c4bC0G5HQu7CO%2FlfoWNCFg%3D%3D; expires=Tue, 06-Jan-2026 22:45:21 GMT; Max-Age=86400; path=/; secure; SameSite=None\nGL_GI10=eJxjYGBgEuEXZMosEOSxNNSzNNAzMdIzNDURZEwXZPLzF2RKzhNk88svKk%2BsFGQsEmQyMBZkKsoT5PYvzslXcM4vzSsBiicLsoD4goyZgnxOOZkVCsH5OaUlmfl5xYJMQMzpnJiUk6rvEuwjyFjAxijIVJIPIotTRBgEGcvYJASZchJ5HHw%2Fv9qcvuAnkJPP46BavzE63G61IFNBsSCLgaGpIQCHOyne; expires=Tue, 06-Jan-2026 22:45:21 GMT; Max-Age=86400; path=/; secure; SameSite=None\r\ncontent-encoding: gzip\r\nvary: Accept-Encoding\r\nstrict-transport-security: max-age=1\r\nx-content-type-options: nosniff\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"ASCII text, with no line terminators","md5":"f7a2939527fd9e68723da600e96d76bd","sha1":"a9e717b6364d2895ee0a716050db32ca0ef1bb42","sha256":"d810f5146f4cd1517512a6e31946e764a73c58fb01427aae88d42cc2ae28718a","sha512":"e6956ec633c76eb3ebc408528f950b81373238cd1d5b9fff5ddd97089ea14a1ff5934f23769bac5d93cc4cdb6a1fbc4ce69baebfb940a55d8a7a89caccaf92b5","ssdeep":"","tlshash":"ec300000003000000000000000000000000c0000000000000000000000000c00000000","first_seen":"2023-03-07T01:14:39Z","last_seen":"2026-04-20T12:12:30.015735Z","times_seen":14003,"resource_available":true,"data":null}},"time_used":250,"timings":{"blocked":110,"dns":71,"connect":17,"send":0,"wait":25,"receive":0,"ssl":23},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"cx.dornrusky.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"cx.dornrusky.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"cx.dornrusky.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"cx.dornrusky.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"6.adsco.re:2087/","fqdn":"6.adsco.re","domain":"adsco.re","tld":"re"},"ip":{"addr":"104.16.84.77","port":2087,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:21.758Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.adsco.re","organization":"Adscore Technologies DMCC"},"issuer":{"commonName":"Sectigo Public Server Authentication CA OV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 15 Sep 2025 00:00:00 GMT","end":"Thu, 01 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EC:13:B4:EC:A8:B2:CD:2E:12:E1:84:0E:E5:64:5D:88:D5:CA:3A:59","sha256":"C9:35:54:5E:EF:18:4E:21:62:7D:1D:23:55:D2:B9:CC:68:48:01:7B:AC:A5:8B:D9:3D:71:85:DC:07:17:02:2F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 6.adsco.re:2087\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pasteflash.sx\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 05 Jan 2026 22:45:21 GMT\r\ncontent-type: text/plain;charset=UTF-8\r\ncontent-length: 45\r\ncf-ray: 9b96816b3995b28a-OSL\r\naccess-control-allow-origin: https://pasteflash.sx\r\ncache-control: private, max-age=300, immutable, stale-if-error=300, stale-while-revalidate=300\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: *\r\naccess-control-max-age: 2592000\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":2087\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":45,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"5b41cb22f84f645a103acc7bfbf084ff","sha1":"bac3967b26d5ec4a0d09a580714e8219796816bd","sha256":"709f0a0dfab9f9e074f4a4a348dcb09150838284d21e75cfb9e5ceaeeb2054bc","sha512":"772066ed1119519a19884fc94de2c9f2cc538b4528d9e2651a89b93d65bd4000b18297bfbdd8903b65146858935d33cac048c321dad2ea4f1f84ca6dd9b7d98f","ssdeep":"","tlshash":"7990041154441d34dc45470c4f0d0f0553dc5153df377374ddc50f0414531344141d00","first_seen":"2023-04-05T06:05:36Z","last_seen":"2026-03-30T19:07:46.969854Z","times_seen":25700,"resource_available":true,"data":null}},"time_used":100,"timings":{"blocked":39,"dns":31,"connect":3,"send":0,"wait":13,"receive":0,"ssl":11},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/watch.917633528616.js?key=745b95ffd64b1a4535afda140744beec\u0026kw=%5B%22onlyfans%22%2C%22leaks%22%2C%2210%22%2C%22per%22%2C%22day%22%2C%22%E2%80%93%22%2C%22pasteflash%22%5D\u0026refer=https%3A%2F%2Fpasteflash.sx%2FVbqILJAi\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=4f0a19ff-1e1b-44c4-af83-e77a9bb6ec2a%3A3%3A1\u0026shu=6556f68adb078c9f9ddd225619de93aee8bf6bde092d53a481e721e3e5ab66c5d1c711673249249e3cbe7d5a8aff4ea55e9469973bd344e427fa54d2664607723d44710a65c78addd9991fa0a016fcad6ba52606d12bdfba96ea\u0026pst=1767653183\u0026rmtc=t","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:23.383Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Dec 2025 00:50:13 GMT","end":"Sun, 29 Mar 2026 00:50:12 GMT"},"fingerprint":{"sha1":"B6:89:38:EE:EF:1E:F1:A0:93:51:BB:7A:F2:13:F5:DF:8C:9B:8F:F7","sha256":"74:22:2C:3F:1E:A6:04:C8:AD:7C:D8:B4:13:57:A5:95:EF:83:FA:28:18:BC:F3:BD:38:93:CB:DA:4B:30:3F:8A"}}},"request":{"raw":"GET /watch.917633528616.js?key=745b95ffd64b1a4535afda140744beec\u0026kw=%5B%22onlyfans%22%2C%22leaks%22%2C%2210%22%2C%22per%22%2C%22day%22%2C%22%E2%80%93%22%2C%22pasteflash%22%5D\u0026refer=https%3A%2F%2Fpasteflash.sx%2FVbqILJAi\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=4f0a19ff-1e1b-44c4-af83-e77a9bb6ec2a%3A3%3A1\u0026shu=6556f68adb078c9f9ddd225619de93aee8bf6bde092d53a481e721e3e5ab66c5d1c711673249249e3cbe7d5a8aff4ea55e9469973bd344e427fa54d2664607723d44710a65c78addd9991fa0a016fcad6ba52606d12bdfba96ea\u0026pst=1767653183\u0026rmtc=t HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pasteflash.sx\r\nReferer: https://pasteflash.sx/\r\nDNT: 1\r\nConnection: keep-alive\r\nCookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyODA5MDYxMSwiayI6Ijc0NWI5NWZmZDY0YjFhNDUzNWFmZGExNDA3NDRiZWVjIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1NDQ4NjcwLCJwaWQiOjE2NjM3LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjIzLCJwdCI6NCwicGsiOiJmdG5zdjJoN3oiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6MjY2NTYxMTE1LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTM2OTI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEzNC4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiY3QiOnsiaWQiOjMxNDMyNDQsIm4iOiJPc2xvIn0sInJnIjp7ImlkIjoxODQ0LCJuIjoiT3NsbyBDb3VudHkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJpd2YiOnRydWUsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYXN0ZWZsYXNoLnN4L1ZicUlMSkFpIiwidHoiOjEsImFyIjpbXX19.ugqHaap55OOKGbzB2oW4HSjSP-wzopTqImSVIJtoNgI\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:23 GMT\r\nContent-Type: text/html\r\nContent-Length: 3918\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://pasteflash.sx\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=4f0a19ff-1e1b-44c4-af83-e77a9bb6ec2a:3:1; expires=Mon, 12 Jan 2026 22:45:23 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Tue, 06 Jan 2026 22:45:23 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Tue, 06 Jan 2026 22:45:23 GMT; path=/; secure; SameSite=None\npdhtkv23=true; expires=Tue, 06 Jan 2026 22:45:23 GMT; path=/; secure; SameSite=None\nuncs23=1; expires=Tue, 06 Jan 2026 22:45:23 GMT; path=/; secure; SameSite=None\nu_pl28090611=1; expires=Tue, 06 Jan 2026 22:45:23 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 29\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 686f03bef06fff8e3fd22de5abcbe147\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":5015,"size_decoded":0,"mime_type":"text/html","magic":"JavaScript source, ASCII text, with very long lines (4139)","md5":"1917bf5c5cbf272362a6a87cf3a7512e","sha1":"521e792e97eb268c90dedc8a0bcdedf5750a2b1b","sha256":"912a6991b3aca8f09d2dfa309c3ca6d20c7832f96bddca84bda380809e6fd599","sha512":"8e22275356379fcc84d93c60ebbcd7812173d5933061b3f5c69bc181ad9eff4ad886a5abd929ffa72c9cffa95a639dc284fc948ad0172527f66757ce663ba293","ssdeep":"96:Ka9FSscYozqL60ohTyBm3bjQ7u+eH7k/+OQe/PyXf4uw1ZDQr7rNCfMEDaH:n9FSsAzwoh0uHNbkKjoVQPhCkCaH","tlshash":"d3a12b661996a678389360af466f981c1d83e20a2e44fd47f98cdef14f047e44eadcdc","first_seen":"2026-01-05T22:45:51.461129Z","last_seen":"2026-01-05T22:45:51.461129Z","times_seen":1,"resource_available":false,"data":null}},"time_used":124,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":124,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/sbar.json?key=da2934874d70693de1e2b10730abaed3\u0026uuid=4f0a19ff-1e1b-44c4-af83-e77a9bb6ec2a%3A3%3A1","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:30.855Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Dec 2025 00:11:03 GMT","end":"Sun, 29 Mar 2026 00:11:02 GMT"},"fingerprint":{"sha1":"93:86:61:9F:2D:73:66:D5:37:73:1C:FE:70:C8:9F:23:B1:C8:8A:D6","sha256":"9D:5E:D7:81:B8:B1:D7:5F:1F:E3:92:85:57:6C:B5:66:34:D6:DE:4F:AA:6C:8B:E9:92:36:D1:CC:BF:CC:45:D3"}}},"request":{"raw":"GET /sbar.json?key=da2934874d70693de1e2b10730abaed3\u0026uuid=4f0a19ff-1e1b-44c4-af83-e77a9bb6ec2a%3A3%3A1 HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pasteflash.sx\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:31 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 4575\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://pasteflash.sx\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=4f0a19ff-1e1b-44c4-af83-e77a9bb6ec2a:3:1; expires=Mon, 12 Jan 2026 22:45:30 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Tue, 06 Jan 2026 22:45:31 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Tue, 06 Jan 2026 22:45:31 GMT; path=/; secure; SameSite=None\npdhtkv29=true; expires=Tue, 06 Jan 2026 22:45:31 GMT; path=/; secure; SameSite=None\nuncs29=1; expires=Tue, 06 Jan 2026 22:45:31 GMT; path=/; secure; SameSite=None\nu_pl28308530=1; expires=Tue, 06 Jan 2026 22:45:31 GMT; path=/; secure; SameSite=None\nslecda2934874d70693de1e2b10730abaed3=[6308898]; expires=Mon, 05 Jan 2026 22:45:36 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 219\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 338bcd9136b852d4d16f1414962100bc\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":5887,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JSON text data","md5":"0606144afe5185d804c1a9a6cd5b7fb9","sha1":"217e134a0bffcabf5796cd5964526f74240fc844","sha256":"3ae34bc2ce3215f106b188ce099f9db6e5b428253ecf52ce15a820c31f3f148e","sha512":"894cbd6882184b0eb1a12bd69f1dead792b010fe2b9e06fae2a33f5e7174116bf215a98129f2a3802fabc7cab1fa9a06e8ef7849ffbc068939d15bdc8d3e0858","ssdeep":"96:9ukm/Ftc6oj0ru2MDLYFMtqoP4OUXUqNuylK/5gLp48wJg4E3TvZryvg0zNy:96M6U52MDEaRP4HkyK2L0JRATv5IgV","tlshash":"03c17d3c6349b115498ec844ab6e5ebd9cc6e8cf8d904d6cd59fedfc52ce54e145400b","first_seen":"2026-01-05T22:45:51.461961Z","last_seen":"2026-01-05T22:45:51.461961Z","times_seen":1,"resource_available":false,"data":null}},"time_used":313,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":312,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"villainindiscreetnewsletter.com/ren.gif?sid=H4sIAAAAAAAC_4RTT4gcxReumYTfIb-DaMTzoB5UZLZ7umcybQ7RNUaCMYlJJIcYpLqreqacmq62qnp6dk6rCyF4WjypF3u-md01uojiVSXMiiABIXNyD9mL4D0IuQnSswOrJx_U-_N9dXjfq1e3xtkB8ZDR_ctvqpGQkq40607tuesiYSo3tYvXaq5Td07Xrouk5Z-uDUunBy-5nl93nq-9zqOeWmk4ruO4jls7JzSP1XBlwUKku4FbD5y636i7TR9D_e_aZFUYWgUbHJAnINj8sd_jGxDRDEn_m7Pc9KxKX3ytn0lqlcaA7byd9BKVJ-gfpbGuIE52lrehzJyQT6pQyc5SAdRgWipAKOak-tQDhMnOsk2Eg63DTkMJniBk_0c-mIHLGQSdIVIbEOw-ASKGi5eQ9LcvKp3TtUOWluycHH_0J0Q-J8cfPImk__WqFMPaVSUzK1RiMIwLiOEMojNDms1gRxWIfA-R_RCC_UpWHl1A0p9eMlJBsGKhXsQzUFNBVh5RQRZXkKUV9Nl-zXfafuRSrxUHLDrl-NT3GQ-doN1wHBpEp5BFH0CwTUT61v6zieQR9zw_dFnEWRCeYtxp-iFttGnLa_AgaDv-nRvNwHc91725nbKu7Q2mVmd8miWRGbtfHEJ-sAC3S9APxu5u9m4qG20ncFpOMHaR6nX0xCZ0dhemW8CwKoydk8pb6xiwAjknyA1BTglyQZBbgnxQbDFpGqbYZtJkobuMjWX0iomynTHdUrbDEwKqN6FZMRXp-2YDkT02GcWGTVTpaGiLCQ1ZMU4PyOPls1R2i4fo8f3af8mHEQWEqS4mPhJzcvWZA6Ti_st_IaR7MHIPkXgaNHNB8wK0W2CUfNe1NjUpNZbHkppuPVJ9MFUgtcdh1ypjeUBOTq5cW727WJGbv_0MHt0jS0OkC6S6wHviJ4KOvD25onIyvaJyQ769lFrRFyNars9VSy3_35dv8LVcaXb-rNm880pUEmW6e40be4EmTCQdQ75aFYxxfU7piJMfzpvrPLycme5qppMsvXD51XPn-6nmxgiVzEDFnJx4-BEiMScnf_x88TWaL_yBKF2HSY_6NIogTKuQgkDyI5yGBcw_6vAoH5vb6OgqqN1A0i8w0AUGsgCVmzDZiYlN9b0zv3xa2mcIZXUSSl2dhlLLj8s5fX84LCP2a81G6LXa7RaPWyz2mNfwWNB0eODToOUHfhPWzMU7Z479HQAA__-xQa-2wgQAAA==","fqdn":"villainindiscreetnewsletter.com","domain":"villainindiscreetnewsletter.com","tld":"com"},"ip":{"addr":"172.240.127.242","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:23.306Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"villainindiscreetnewsletter.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:13:20 GMT","end":"Thu, 19 Mar 2026 08:13:19 GMT"},"fingerprint":{"sha1":"D5:23:91:2A:01:76:E9:21:D6:E1:A0:D0:D7:3C:60:84:45:1F:92:79","sha256":"B3:C9:9E:18:21:46:C6:95:3C:51:EF:26:D3:F2:52:23:93:17:07:3F:2A:7D:CA:59:E6:68:6A:72:9C:F2:0D:AB"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_4RTT4gcxReumYTfIb-DaMTzoB5UZLZ7umcybQ7RNUaCMYlJJIcYpLqreqacmq62qnp6dk6rCyF4WjypF3u-md01uojiVSXMiiABIXNyD9mL4D0IuQnSswOrJx_U-_N9dXjfq1e3xtkB8ZDR_ctvqpGQkq40607tuesiYSo3tYvXaq5Td07Xrouk5Z-uDUunBy-5nl93nq-9zqOeWmk4ruO4jls7JzSP1XBlwUKku4FbD5y636i7TR9D_e_aZFUYWgUbHJAnINj8sd_jGxDRDEn_m7Pc9KxKX3ytn0lqlcaA7byd9BKVJ-gfpbGuIE52lrehzJyQT6pQyc5SAdRgWipAKOak-tQDhMnOsk2Eg63DTkMJniBk_0c-mIHLGQSdIVIbEOw-ASKGi5eQ9LcvKp3TtUOWluycHH_0J0Q-J8cfPImk__WqFMPaVSUzK1RiMIwLiOEMojNDms1gRxWIfA-R_RCC_UpWHl1A0p9eMlJBsGKhXsQzUFNBVh5RQRZXkKUV9Nl-zXfafuRSrxUHLDrl-NT3GQ-doN1wHBpEp5BFH0CwTUT61v6zieQR9zw_dFnEWRCeYtxp-iFttGnLa_AgaDv-nRvNwHc91725nbKu7Q2mVmd8miWRGbtfHEJ-sAC3S9APxu5u9m4qG20ncFpOMHaR6nX0xCZ0dhemW8CwKoydk8pb6xiwAjknyA1BTglyQZBbgnxQbDFpGqbYZtJkobuMjWX0iomynTHdUrbDEwKqN6FZMRXp-2YDkT02GcWGTVTpaGiLCQ1ZMU4PyOPls1R2i4fo8f3af8mHEQWEqS4mPhJzcvWZA6Ti_st_IaR7MHIPkXgaNHNB8wK0W2CUfNe1NjUpNZbHkppuPVJ9MFUgtcdh1ypjeUBOTq5cW727WJGbv_0MHt0jS0OkC6S6wHviJ4KOvD25onIyvaJyQ769lFrRFyNars9VSy3_35dv8LVcaXb-rNm880pUEmW6e40be4EmTCQdQ75aFYxxfU7piJMfzpvrPLycme5qppMsvXD51XPn-6nmxgiVzEDFnJx4-BEiMScnf_x88TWaL_yBKF2HSY_6NIogTKuQgkDyI5yGBcw_6vAoH5vb6OgqqN1A0i8w0AUGsgCVmzDZiYlN9b0zv3xa2mcIZXUSSl2dhlLLj8s5fX84LCP2a81G6LXa7RaPWyz2mNfwWNB0eODToOUHfhPWzMU7Z479HQAA__-xQa-2wgQAAA== HTTP/1.1\r\nHost: villainindiscreetnewsletter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nCookie: pdhtkv=true; uncs=2; pdhtkv49=true; uncs49=2; u_pl28090609=1; nlece334b1dced9b7de054ba28a632e99804=[5941311]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:23 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: villainindiscreetnewsletter.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 8048178054c0b9f2e236c05b1ab8b5e4\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":131,"timings":{"blocked":33,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"villainindiscreetnewsletter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/js/script.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:32.010Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 25 Dec 2025 22:26:15 GMT","end":"Wed, 25 Mar 2026 23:23:44 GMT"},"fingerprint":{"sha1":"05:E7:A3:19:D2:55:91:F8:B7:45:48:72:0B:86:C7:0C:2C:CA:27:03","sha256":"14:76:91:36:84:B6:CF:C4:0A:BA:6F:14:80:F9:C7:77:48:3B:08:A3:C8:48:DC:0F:F6:CE:86:72:BB:CC:0B:06"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/js/script.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pasteflash.sx\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 05 Jan 2026 22:45:32 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:55:55 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Cm7hYF2IFdKwvdBlGPoD916zSRLoOjE9iskH%2FokLztF6AQJIHeb%2BcA5iQA8YW7Dh8bkOijuNu8967hjxfOgMUhetC56xeV3p2cY79WC9HUE%3D\"}]}\r\ncf-cache-status: MISS\r\netag: W/\"68b9703b-2762\"\r\ncontent-encoding: br\r\ncf-ray: 9b9681ab0fed4c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10082,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text","md5":"efffc36bcbcc0aaea3978474151a0122","sha1":"f9b9c23faef40025dcfe3f1dfdb158ce2855b83b","sha256":"4da2338ad196c676f6a310b1b91f8e4c3e513fa07cb3b7022ca9ecc4868db398","sha512":"52afe7b12764a6297e3cb430eca352a3d778802b79e3cbeb4a2c22b0e070496abd9bfb78823573aa1e4a0bff1f52f79dd9ab92a55341324c175c3ce811d01aeb","ssdeep":"192:iFJuLiEWiFiacrcYmen1VuOTlmGFF3bH/fA68IDeIToS:iFMLiEWiFiHn1VuexjrHnAyF","tlshash":"2222420409b9d921c45ca02f203e2666f7240a539d7abfd4bbc941045fdd96f79b823f","first_seen":"2025-09-21T13:47:45.283292Z","last_seen":"2026-04-16T12:24:04.652167Z","times_seen":1651,"resource_available":false,"data":null}},"time_used":485,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":484,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:32.769Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://pasteflash.sx\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 30 Dec 2025 19:22:36 GMT\r\nexpires: Wed, 30 Dec 2026 19:22:36 GMT\r\ncache-control: public, max-age=31536000\r\nage: 530576\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-20T13:59:38.920906Z","times_seen":751132,"resource_available":false,"data":null}},"time_used":267,"timings":{"blocked":108,"dns":16,"connect":20,"send":0,"wait":36,"receive":14,"ssl":65},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/9c/68/bf/9c68bfb6bb6f3aff66bdf49957b498c9/1722092330.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:23.558Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/9c/68/bf/9c68bfb6bb6f3aff66bdf49957b498c9/1722092330.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 05 Jan 2026 22:45:23 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 55210\r\nserver: nginx/1.21.6\r\nlast-modified: Sat, 27 Jul 2024 14:58:50 GMT\r\netag: \"66a50b2a-d7aa\"\r\nexpires: Wed, 07 Jan 2026 22:45:23 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":55210,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, progressive, precision 8, 728x90, components 3","md5":"51d5f1702c7288699c77fea5f3f46007","sha1":"4be700869a6c3de826be7182e5924bf66c93c88b","sha256":"58506312d5c92cadd5e54de75c104579aecd0a4ad6570bc860846b9dd1515830","sha512":"ff74a641588deda30091b76c27878332565424c649e4cbbf6c171f323fd0c4d4dd3dd59662dcb08a95bb7050d0a1f9d5bf3ea2ba4967a5032364d1f077cfeb30","ssdeep":"1536:4xI5sGNeYqE9nBasE+ln77UddL2ZCraWA:4xXGNeGxz7UqsDA","tlshash":"f6430262ab73bc55dd61a336a092d39c7f3ab719b343bf637a245345ae0b4808c0f215","first_seen":"2024-08-24T13:39:32Z","last_seen":"2026-04-12T20:48:52.931852Z","times_seen":67,"resource_available":false,"data":null}},"time_used":21,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":19,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/cti/db/3f/4e/db3f4e9bb2563c5d90aa30fa2047a623/1756661871.jpg","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:30.926Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /cti/db/3f/4e/db3f4e9bb2563c5d90aa30fa2047a623/1756661871.jpg HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 05 Jan 2026 22:45:30 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 82015\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 31 Aug 2025 17:37:51 GMT\r\netag: \"68b4886f-1405f\"\r\nexpires: Wed, 07 Jan 2026 22:45:30 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":82015,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, Exif standard: [TIFF image data, big-endian, direntries=7, orientation=upper-left, xresolution=98, yresolution=106, resolutionunit=2, software=Adobe Photoshop 26.3 (Macintosh), datetime=2025:08:30 15:56:38], progressive, precision 8, 320x240, components 3","md5":"a5e99008dec3cc78ac2ef712db916e71","sha1":"1727aa543c5a16969ae1c767b2b488f7deedc7c0","sha256":"809ba0ce4ca09a627e04907b7b4b850651bb1bc6fbe8c3fa28e95649a89ffa58","sha512":"6621cc914d11088d1b4b4ef9f59d0452217bd3886d95a7a6d6ae3a133b909eb1977797657d398380c9b036387c4361d783d77e0f5a6150a90a0a32de2b55f323","ssdeep":"1536:0f4FYf4FJxFgOsbKS46bxlW8k0rn2rcV4Kbf9FieN5LjS6:0IYIDUbPRxPvreOf9FierN","tlshash":"f783f1207fd6ac11f7eca178095cc7a4e7a09e667e17225ab8fc72a53730391eac144d","first_seen":"2025-09-02T18:27:26.453754Z","last_seen":"2026-04-19T20:30:35.632387Z","times_seen":1290,"resource_available":false,"data":null}},"time_used":24,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":19,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/img/banner.png","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:31.865Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 25 Dec 2025 22:26:15 GMT","end":"Wed, 25 Mar 2026 23:23:44 GMT"},"fingerprint":{"sha1":"05:E7:A3:19:D2:55:91:F8:B7:45:48:72:0B:86:C7:0C:2C:CA:27:03","sha256":"14:76:91:36:84:B6:CF:C4:0A:BA:6F:14:80:F9:C7:77:48:3B:08:A3:C8:48:DC:0F:F6:CE:86:72:BB:CC:0B:06"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/img/banner.png HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 05 Jan 2026 22:45:31 GMT\r\ncontent-type: image/png\r\ncontent-length: 31747\r\nserver: cloudflare\r\nlast-modified: Thu, 12 Dec 2024 14:36:22 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"675af4e6-7c03\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 8116223\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=W%2FPwLxrR55ovMV0dl6hIShoee95yygq1UtCzhMV7GY%2F9VtB6Ny9sj3tiwl8baByXWzUjybbzCyBdIaknkh9lNH2YnnrOP4VuT47j%2Fa2ShxI%3D\"}]}\r\ncf-ray: 9b9681aa1dce4c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31747,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 600 x 400, 8-bit/color RGBA, non-interlaced","md5":"8b80e5aaebd2987d46dd0382da97fdc1","sha1":"bccdfd974f19600eac67f10c43a8d3cd92188aff","sha256":"41f23c36cc8dedef9d191f90f7f85c4aebba6012af7794fdfdf30331df5afe05","sha512":"dbc5a79c4e6b8cc0c1a2a20e857a399e84ff155ce6f68a6de65af23c20d57d7075bf93ba40748fa39942ce84001da19cf5dbd22ab2ab5b4bc3df63d220741e88","ssdeep":"768:oUUUUU2mxm90tQeKC4/cDQ+dexqKogEmXoYIQSR/Fiwecp8wwwwwwwwU:oUUUUU2J+s/cDx73jlp/E7+h","tlshash":"b2e2ae13c4d932371c5a9ded9b6b2b847aa225e320401f7bcf1e1078248b4b5fd27d9a","first_seen":"2025-07-04T18:28:09.276271Z","last_seen":"2026-04-19T18:43:01.426503Z","times_seen":3202,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":5,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/pixel/sbs?c=1","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.76","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:32.761Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Dec 2025 00:11:03 GMT","end":"Sun, 29 Mar 2026 00:11:02 GMT"},"fingerprint":{"sha1":"93:86:61:9F:2D:73:66:D5:37:73:1C:FE:70:C8:9F:23:B1:C8:8A:D6","sha256":"9D:5E:D7:81:B8:B1:D7:5F:1F:E3:92:85:57:6C:B5:66:34:D6:DE:4F:AA:6C:8B:E9:92:36:D1:CC:BF:CC:45:D3"}}},"request":{"raw":"GET /pixel/sbs?c=1 HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nCookie: uid_id2=4f0a19ff-1e1b-44c4-af83-e77a9bb6ec2a:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl28308530=1; slecda2934874d70693de1e2b10730abaed3=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:32 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":94,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":94,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"villainindiscreetnewsletter.com/ntv.json?key=e334b1dced9b7de054ba28a632e99804\u0026vstc=2\u0026uuid=77ed0952-0ef4-414e-a859-dcdec8d403bd%3A1%3A1\u0026custom=%7B%22d37e3bc4%22%3A%22b%22%7D\u0026rb=","fqdn":"villainindiscreetnewsletter.com","domain":"villainindiscreetnewsletter.com","tld":"com"},"ip":{"addr":"172.240.127.242","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:30.802Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"villainindiscreetnewsletter.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:13:20 GMT","end":"Thu, 19 Mar 2026 08:13:19 GMT"},"fingerprint":{"sha1":"D5:23:91:2A:01:76:E9:21:D6:E1:A0:D0:D7:3C:60:84:45:1F:92:79","sha256":"B3:C9:9E:18:21:46:C6:95:3C:51:EF:26:D3:F2:52:23:93:17:07:3F:2A:7D:CA:59:E6:68:6A:72:9C:F2:0D:AB"}}},"request":{"raw":"GET /ntv.json?key=e334b1dced9b7de054ba28a632e99804\u0026vstc=2\u0026uuid=77ed0952-0ef4-414e-a859-dcdec8d403bd%3A1%3A1\u0026custom=%7B%22d37e3bc4%22%3A%22b%22%7D\u0026rb= HTTP/1.1\r\nHost: villainindiscreetnewsletter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pasteflash.sx\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nCookie: pdhtkv=true; uncs=2; pdhtkv49=true; uncs49=2; u_pl28090609=1; iprc_l+502970cc2f9f744e7acbde213f0828a6=5941311; iprc_l:5941311=1\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:30 GMT\r\nContent-Type: application/json\r\nContent-Length: 6330\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://pasteflash.sx\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=77ed0952-0ef4-414e-a859-dcdec8d403bd:1:1; expires=Mon, 12 Jan 2026 22:45:30 GMT; path=/; secure; SameSite=None\nuncs=3; expires=Tue, 06 Jan 2026 22:45:30 GMT; path=/; secure; SameSite=None\nuncs49=3; expires=Tue, 06 Jan 2026 22:45:30 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 8\r\nHost: villainindiscreetnewsletter.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: bc7ceaf498020810d9cee50dd0853be1\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8252,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"2035f0f1ad5c5e1a6d8096655ad81bf4","sha1":"2b907ee41bdb98a90cb92a3e9fb8f6e3ec4470eb","sha256":"691a87a2573c7e900b8f9121d4fede4c0b045dc9ee75dace61058b9d541b8aca","sha512":"665ff4f5920d9572a5891fc8ca99e8affaa217a8eb3183b6a2c62b03c420f6a7f4e067f436ef3cd126655d6b5d2431b5a03dd9812285bd304611d2f4e7cd7c71","ssdeep":"192:ar+KAgJ+cEVrMJJ9CD+Zv5m0bYveHoPFrtebvWxmzrU:ar+KAF/M/Lv6Jt++AY","tlshash":"72029f7d440624ecce7a9cad1ae3303d1e2111b7fc64bbca42ade21e4ca4d83e135683","first_seen":"2026-01-05T22:45:51.470041Z","last_seen":"2026-01-05T22:45:51.470041Z","times_seen":1,"resource_available":false,"data":null}},"time_used":102,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":102,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"villainindiscreetnewsletter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"pasteflash.sx/assets/banner-728.js","fqdn":"pasteflash.sx","domain":"pasteflash.sx","tld":"sx"},"ip":{"addr":"185.165.184.2","port":443,"asn":51295,"as":"Tes Euro Media SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:21.105Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pasteflash.sx","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 26 Dec 2025 15:35:39 GMT","end":"Thu, 26 Mar 2026 15:35:38 GMT"},"fingerprint":{"sha1":"EA:61:C1:89:B4:4A:4D:AA:44:91:00:20:BF:CB:5F:E8:F7:62:CF:0B","sha256":"F6:6F:DD:F8:A4:12:D3:AF:DB:74:B1:C4:4C:B0:67:9A:5F:63:0C:A0:C1:45:94:4E:3F:BB:73:06:81:E3:3C:7F"}}},"request":{"raw":"GET /assets/banner-728.js HTTP/1.1\r\nHost: pasteflash.sx\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/VbqILJAi\r\nCookie: PHPSESSID=qr4cht3450qrn8l0pcmf68r46j\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 12 Jan 2026 22:45:21 GMT\r\ncontent-type: application/javascript\r\nlast-modified: Sun, 04 Jan 2026 18:43:21 GMT\r\netag: \"333-695ab4c9-7f6867228ca39447;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ncontent-length: 364\r\ndate: Mon, 05 Jan 2026 22:45:21 GMT\r\nx-frame-options: DENY\r\ncontent-security-policy: frame-ancestors 'none';\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":819,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text","md5":"10098419982b5f1cda9ed02fc2641dab","sha1":"65527aec10d36770a24d44d3a16e29cf7df6c5df","sha256":"71d4aa0a1aab1fa2bc48abb42fc4cb764a78bc6935e186d4f3952b339998701c","sha512":"5ad351bf1b1f848bc86f4756ca9c2e9ba1dd6e9caf4e18359f35e053538f95462b0d32036c0f8b61397b5d89f638ca4899554dd0380f15c2bbdce408ae0927d2","ssdeep":"","tlshash":"a001686a1e932430d566306e57af66483222c1231601e8027d9cca196fa4d7a9632f99","first_seen":"2026-01-04T23:46:41.736043Z","last_seen":"2026-02-04T03:42:46.433603Z","times_seen":51,"resource_available":true,"data":null}},"time_used":47,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":47,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pasteflash.sx/favicon.ico","fqdn":"pasteflash.sx","domain":"pasteflash.sx","tld":"sx"},"ip":{"addr":"185.165.184.2","port":443,"asn":51295,"as":"Tes Euro Media SRL","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:21.743Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P384-SHA384","protocol":"TLSv1.3","cert":{"subject":{"commonName":"pasteflash.sx","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Fri, 26 Dec 2025 15:35:39 GMT","end":"Thu, 26 Mar 2026 15:35:38 GMT"},"fingerprint":{"sha1":"EA:61:C1:89:B4:4A:4D:AA:44:91:00:20:BF:CB:5F:E8:F7:62:CF:0B","sha256":"F6:6F:DD:F8:A4:12:D3:AF:DB:74:B1:C4:4C:B0:67:9A:5F:63:0C:A0:C1:45:94:4E:3F:BB:73:06:81:E3:3C:7F"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: pasteflash.sx\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/VbqILJAi\r\nCookie: PHPSESSID=qr4cht3450qrn8l0pcmf68r46j\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ncache-control: public, max-age=604800\r\nexpires: Mon, 12 Jan 2026 22:45:21 GMT\r\ncontent-type: image/x-icon\r\nlast-modified: Fri, 26 Dec 2025 22:36:32 GMT\r\netag: \"85c7a-694f0df0-6ffdb4a813852907;br\"\r\naccept-ranges: bytes\r\ncontent-encoding: br\r\nvary: Accept-Encoding,User-Agent\r\ncontent-length: 519890\r\ndate: Mon, 05 Jan 2026 22:45:21 GMT\r\nx-frame-options: DENY\r\ncontent-security-policy: frame-ancestors 'none';\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":547962,"size_decoded":0,"mime_type":"image/x-icon","magic":"PNG image data, 1024 x 1024, 8-bit/color RGB, non-interlaced","md5":"53282e2599efd87def33b14a3df42f91","sha1":"bd5f54a403bfe4b3951016e4ac04fa393c2abe66","sha256":"c0680c9a1abe91647ea808fedc790ed9f73672c078c729e62ae2929b00a8d878","sha512":"aac97cc1b64c3aabc3082f59809f04c26a7b2f6d799ee5f2e27e32800c0806ed321c0d780ac70a8933d76e3e4626964f8552c5d5f58d60fa16b604cdbbbf8fdd","ssdeep":"12288:QswTIkLiH1KzSpq/lDIoMjCVGlu0kzWJoUDxIjuN9qB:fFkLiVSDIoMjNlrkCJztISjqB","tlshash":"29c4233d9a615902cf1792f5d9a015223fabaf917de087af139910412fd0be7e085fc9","first_seen":"2026-01-03T04:30:22.50261Z","last_seen":"2026-04-19T23:05:40.643913Z","times_seen":231,"resource_available":false,"data":null}},"time_used":261,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":46,"receive":215,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"4.adsco.re:2087/","fqdn":"4.adsco.re","domain":"adsco.re","tld":"re"},"ip":{"addr":"162.252.214.5","port":2087,"asn":53334,"as":"TUT-AS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:21.754Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_RSA_WITH_AES_256_CBC_SHA","key_group_name":"none","signature_name":"none","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.adsco.re","organization":"Adscore Technologies DMCC"},"issuer":{"commonName":"Sectigo Public Server Authentication CA OV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 15 Sep 2025 00:00:00 GMT","end":"Thu, 01 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EC:13:B4:EC:A8:B2:CD:2E:12:E1:84:0E:E5:64:5D:88:D5:CA:3A:59","sha256":"C9:35:54:5E:EF:18:4E:21:62:7D:1D:23:55:D2:B9:CC:68:48:01:7B:AC:A5:8B:D9:3D:71:85:DC:07:17:02:2F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 4.adsco.re:2087\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pasteflash.sx\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 05 Jan 2026 22:45:21 GMT\r\nContent-Type: text/plain;charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAccess-Control-Allow-Methods: GET, HEAD, OPTIONS\r\nAccess-Control-Allow-Headers: Content-Type\r\nAccess-Control-Allow-Origin: https://pasteflash.sx\r\nAccess-Control-Expose-Headers: *\r\nAccess-Control-Max-Age: 2592000\r\nCache-Control: private, max-age=300, immutable, stale-if-error=300, stale-while-revalidate=300\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":45,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"5b41cb22f84f645a103acc7bfbf084ff","sha1":"bac3967b26d5ec4a0d09a580714e8219796816bd","sha256":"709f0a0dfab9f9e074f4a4a348dcb09150838284d21e75cfb9e5ceaeeb2054bc","sha512":"772066ed1119519a19884fc94de2c9f2cc538b4528d9e2651a89b93d65bd4000b18297bfbdd8903b65146858935d33cac048c321dad2ea4f1f84ca6dd9b7d98f","ssdeep":"","tlshash":"7990041154441d34dc45470c4f0d0f0553dc5153df377374ddc50f0414531344141d00","first_seen":"2023-04-05T06:05:36Z","last_seen":"2026-03-30T19:07:46.969854Z","times_seen":25700,"resource_available":true,"data":null}},"time_used":189,"timings":{"blocked":78,"dns":1,"connect":27,"send":0,"wait":27,"receive":0,"ssl":54},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"1xgsu731azaj.l4.adsco.re/","fqdn":"1xgsu731azaj.l4.adsco.re","domain":"adsco.re","tld":"re"},"ip":{"addr":"185.200.118.62","port":443,"asn":9009,"as":"M247 Europe SRL","country":"United Kingdom","country_code":"GB"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:21.760Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.l4.adsco.re","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Thu, 13 Nov 2025 09:14:30 GMT","end":"Wed, 11 Feb 2026 09:14:29 GMT"},"fingerprint":{"sha1":"44:4A:2D:C5:7F:AC:E8:4E:70:9B:91:5D:F6:AE:99:5F:66:18:51:46","sha256":"3B:1C:F2:20:1E:BC:6C:00:04:8F:3E:30:B9:AC:DE:26:B1:D4:73:CB:C2:6F:2F:F4:1C:E8:C4:A5:FD:38:8D:68"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 1xgsu731azaj.l4.adsco.re\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pasteflash.sx\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 05 Jan 2026 22:45:21 GMT\r\ncontent-type: text/html\r\ncontent-length: 0\r\nlast-modified: Fri, 02 Jun 2023 14:03:32 GMT\r\netag: \"6479f6b4-0\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET, POST, OPTIONS\r\naccess-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range\r\naccess-control-expose-headers: Content-Length,Content-Range\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":273,"timings":{"blocked":118,"dns":51,"connect":23,"send":0,"wait":27,"receive":0,"ssl":50},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"wayfarerorthodox.com/watch.917633528616.js?key=745b95ffd64b1a4535afda140744beec\u0026kw=%5B%22onlyfans%22%2C%22leaks%22%2C%2210%22%2C%22per%22%2C%22day%22%2C%22%E2%80%93%22%2C%22pasteflash%22%5D\u0026refer=https%3A%2F%2Fpasteflash.sx%2FVbqILJAi\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=4f0a19ff-1e1b-44c4-af83-e77a9bb6ec2a%3A3%3A1","fqdn":"wayfarerorthodox.com","domain":"wayfarerorthodox.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:23.242Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"wayfarerorthodox.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Dec 2025 00:50:13 GMT","end":"Sun, 29 Mar 2026 00:50:12 GMT"},"fingerprint":{"sha1":"B6:89:38:EE:EF:1E:F1:A0:93:51:BB:7A:F2:13:F5:DF:8C:9B:8F:F7","sha256":"74:22:2C:3F:1E:A6:04:C8:AD:7C:D8:B4:13:57:A5:95:EF:83:FA:28:18:BC:F3:BD:38:93:CB:DA:4B:30:3F:8A"}}},"request":{"raw":"GET /watch.917633528616.js?key=745b95ffd64b1a4535afda140744beec\u0026kw=%5B%22onlyfans%22%2C%22leaks%22%2C%2210%22%2C%22per%22%2C%22day%22%2C%22%E2%80%93%22%2C%22pasteflash%22%5D\u0026refer=https%3A%2F%2Fpasteflash.sx%2FVbqILJAi\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=4f0a19ff-1e1b-44c4-af83-e77a9bb6ec2a%3A3%3A1 HTTP/1.1\r\nHost: wayfarerorthodox.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pasteflash.sx\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 307 Temporary Redirect\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:23 GMT\r\nContent-Type: text/html\r\nContent-Length: 0\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://pasteflash.sx\r\naccess-control-allow-credentials: true\r\nlocation: https://wayfarerorthodox.com/watch.917633528616.js?key=745b95ffd64b1a4535afda140744beec\u0026kw=%5B%22onlyfans%22%2C%22leaks%22%2C%2210%22%2C%22per%22%2C%22day%22%2C%22%E2%80%93%22%2C%22pasteflash%22%5D\u0026refer=https%3A%2F%2Fpasteflash.sx%2FVbqILJAi\u0026tz=0\u0026dev=e\u0026res=14.3095\u0026rb=\u0026uuid=4f0a19ff-1e1b-44c4-af83-e77a9bb6ec2a%3A3%3A1\u0026shu=6556f68adb078c9f9ddd225619de93aee8bf6bde092d53a481e721e3e5ab66c5d1c711673249249e3cbe7d5a8aff4ea55e9469973bd344e427fa54d2664607723d44710a65c78addd9991fa0a016fcad6ba52606d12bdfba96ea\u0026pst=1767653183\u0026rmtc=t\r\nset-cookie: ain=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwIjp7ImlkIjoyODA5MDYxMSwiayI6Ijc0NWI5NWZmZDY0YjFhNDUzNWFmZGExNDA3NDRiZWVjIiwic2lkIjoiIiwiaXNpZCI6MiwiYXNpZCI6MSwiemlkIjo1NDQ4NjcwLCJwaWQiOjE2NjM3LCJhbiI6dHJ1ZSwibGFuIjp0cnVlLCJjaWQiOjM0LCJhaWQiOjIzLCJwdCI6NCwicGsiOiJmdG5zdjJoN3oiLCJ0IjoxfSwidSI6eyJ1IjoxLCJhdSI6MSwiZCI6eyJpZCI6MjY2NTYxMTE1LCJpZHMiOiIiLCJpYyI6ZmFsc2UsIm4iOiJEZXNrdG9wLEVtdWxhdG9yIiwidiI6IlVua25vd24iLCJtIjoiVW5rbm93biIsImYiOjEsImZuIjoiRGVza3RvcCIsIm9pZCI6Mzg5MTQsIm9uIjoiV2luZG93cyIsIm92IjoiMTAuMCIsImJpZCI6MTM2OTI1LCJibiI6IkZpcmVmb3giLCJidiI6IjEzNC4wIiwid3YiOmZhbHNlLCJlIjp0cnVlLCJhYiI6ZmFsc2V9LCJjIjp7ImlkIjoxNjIsImMiOiJOTyIsIm4iOiJOb3J3YXkifSwiY3QiOnsiaWQiOjMxNDMyNDQsIm4iOiJPc2xvIn0sInJnIjp7ImlkIjoxODQ0LCJuIjoiT3NsbyBDb3VudHkifSwiYSI6ZmFsc2UsImNyIjp7Im4iOiJCbGl4IFNvbHV0aW9ucyJ9LCJ4ZiI6IiIsIml4ZiI6ZmFsc2UsImlneGYiOmZhbHNlLCJpd2YiOnRydWUsInVwIjp0cnVlLCJyIjoiaHR0cHM6Ly9wYXN0ZWZsYXNoLnN4L1ZicUlMSkFpIiwidHoiOjEsImFyIjpbXX19.ugqHaap55OOKGbzB2oW4HSjSP-wzopTqImSVIJtoNgI; expires=Mon, 05 Jan 2026 22:46:23 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 1\r\nHost: wayfarerorthodox.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: f6677d75b5655994d02a3dc9be4f6917\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"307","status_text":"Temporary Redirect","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5015,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":99,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"wayfarerorthodox.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"villainindiscreetnewsletter.com/ren.gif?sid=H4sIAAAAAAAC_1RSzWskRRytng0e1oPoiudBLyoy6ZnpmUy7h2hcI8GYxCQS8ONQ3VU9KVPd1VZVT0_mFA3I4il4Ui923iQbP4Io3gRlmXiRBWH7ZITNxb9gEfYmyMwORH9Qv496dXjv_erjw-yCNJHR87U31EBISWdbNbf67JZImMpNdWWzWndr7vXqlkja3vVqf5x078V606u5z1Vf4-GOmm24ddetu_XqotA8Uv3ZCQqRnvr1mu_WvEat3vLQ1_-fTebAUAesd0GegGDlY39F70CEIyTx9ze42bEqfeHVOJPUKo0eO3kr2UlUniC-bCPtIEpOpq-hTEnIZxWo5GSqAKp3NFaAQJSk8tQ9BMnJlCaC3vFDpoEETxCwR5H3RuByBEFHCNU-BLtLgJBhZRVJfGtF6ZzuPkTpGC3JzIO_IfKSzNx7Ekn83YIU_eqGkpkVKjHoRwVEfwTRHSHNzmAHDkR-htB-BMF-J7MPlpHER6tGKghWTNSLaARqHGTjIxxkkYMsdRCz86rndrywTpvtyGfhnOtRz2M8cP1Ow3WpH84hCz-EYAcI9R5SvYcdcQCd3YbZLmCYA2NL4ry5hx4rkHOC3BDklCAXBLklyHvFMZOmYYpbTJosqE9rY1qbxVDZ7iE9VrbLEwKqD6BZcSTSD8w-QntlOIgMG6pxooEthjRgxWF6QR4fu-WcFvexw8-rvNn0gjoLOfODOcbdlhfQRoe2mw3u-x3XgxEFhKlMjBiIkmw8c4FU3H3pHwT0DEaeIRRPg2Z10LwA3S4wSH7ctjY1KTWWR5Ka7VqoYjBVILUzsLvOobwg14brmwu3J5t774-fwMM7ZBoIdYFUF3hf_ErQlTeH6yonR-sqN-SH1dSKWAzoeKsbllr-yDev891cabZ0wxx8_XI4Bsbt6SY3dpkmTCRdQ75dEIxxvah0yMnPS2aLB2uZ2V7IdJKly2uvLC7FqebGCJWMQEVJrt7_BKEoybVfvpz82NbzfyJM92DSS55GEQSpAykIJL-8p0EB8585uOwPzU10dQXU7iOJC_R0gZ4sQOUBTHZ1aFN9Z_63z8fxBQJZGQZSV44CqeWnE59K8vZX8zDivNpqBM12p9PmUZtFTdZsNJnfcrnvUb_t-V4L1pTi3fkr_wYAAP__GBJxH1kEAAA=","fqdn":"villainindiscreetnewsletter.com","domain":"villainindiscreetnewsletter.com","tld":"com"},"ip":{"addr":"172.240.127.242","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:23.243Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"villainindiscreetnewsletter.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:13:20 GMT","end":"Thu, 19 Mar 2026 08:13:19 GMT"},"fingerprint":{"sha1":"D5:23:91:2A:01:76:E9:21:D6:E1:A0:D0:D7:3C:60:84:45:1F:92:79","sha256":"B3:C9:9E:18:21:46:C6:95:3C:51:EF:26:D3:F2:52:23:93:17:07:3F:2A:7D:CA:59:E6:68:6A:72:9C:F2:0D:AB"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1RSzWskRRytng0e1oPoiudBLyoy6ZnpmUy7h2hcI8GYxCQS8ONQ3VU9KVPd1VZVT0_mFA3I4il4Ui923iQbP4Io3gRlmXiRBWH7ZITNxb9gEfYmyMwORH9Qv496dXjv_erjw-yCNJHR87U31EBISWdbNbf67JZImMpNdWWzWndr7vXqlkja3vVqf5x078V606u5z1Vf4-GOmm24ddetu_XqotA8Uv3ZCQqRnvr1mu_WvEat3vLQ1_-fTebAUAesd0GegGDlY39F70CEIyTx9ze42bEqfeHVOJPUKo0eO3kr2UlUniC-bCPtIEpOpq-hTEnIZxWo5GSqAKp3NFaAQJSk8tQ9BMnJlCaC3vFDpoEETxCwR5H3RuByBEFHCNU-BLtLgJBhZRVJfGtF6ZzuPkTpGC3JzIO_IfKSzNx7Ekn83YIU_eqGkpkVKjHoRwVEfwTRHSHNzmAHDkR-htB-BMF-J7MPlpHER6tGKghWTNSLaARqHGTjIxxkkYMsdRCz86rndrywTpvtyGfhnOtRz2M8cP1Ow3WpH84hCz-EYAcI9R5SvYcdcQCd3YbZLmCYA2NL4ry5hx4rkHOC3BDklCAXBLklyHvFMZOmYYpbTJosqE9rY1qbxVDZ7iE9VrbLEwKqD6BZcSTSD8w-QntlOIgMG6pxooEthjRgxWF6QR4fu-WcFvexw8-rvNn0gjoLOfODOcbdlhfQRoe2mw3u-x3XgxEFhKlMjBiIkmw8c4FU3H3pHwT0DEaeIRRPg2Z10LwA3S4wSH7ctjY1KTWWR5Ka7VqoYjBVILUzsLvOobwg14brmwu3J5t774-fwMM7ZBoIdYFUF3hf_ErQlTeH6yonR-sqN-SH1dSKWAzoeKsbllr-yDev891cabZ0wxx8_XI4Bsbt6SY3dpkmTCRdQ75dEIxxvah0yMnPS2aLB2uZ2V7IdJKly2uvLC7FqebGCJWMQEVJrt7_BKEoybVfvpz82NbzfyJM92DSS55GEQSpAykIJL-8p0EB8585uOwPzU10dQXU7iOJC_R0gZ4sQOUBTHZ1aFN9Z_63z8fxBQJZGQZSV44CqeWnE59K8vZX8zDivNpqBM12p9PmUZtFTdZsNJnfcrnvUb_t-V4L1pTi3fkr_wYAAP__GBJxH1kEAAA= HTTP/1.1\r\nHost: villainindiscreetnewsletter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl28090609=1; nlece334b1dced9b7de054ba28a632e99804=[5941311]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:23 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 0\r\nHost: villainindiscreetnewsletter.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 22fede7bca65d067100d08190743236e\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":126,"timings":{"blocked":31,"dns":0,"connect":0,"send":0,"wait":94,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"villainindiscreetnewsletter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.storageimagedisplay.com/si/d8/b1/09/d8b109165fc0ec08002c14fd9e81f6ece67b955e786b918b73abb33e5be5188f.png","fqdn":"cdn.storageimagedisplay.com","domain":"storageimagedisplay.com","tld":"com"},"ip":{"addr":"45.133.44.2","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:23.247Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.storageimagedisplay.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Fri, 07 Nov 2025 02:33:02 GMT","end":"Thu, 05 Feb 2026 02:33:01 GMT"},"fingerprint":{"sha1":"FF:BB:C7:F6:31:A3:EE:08:8E:72:C4:2F:A2:C8:78:1B:3C:22:C4:57","sha256":"93:BE:65:88:B5:AC:E6:69:91:EE:F6:7E:27:3F:D6:9F:59:B1:AB:46:F7:49:0D:E8:F2:1C:9E:A9:BE:F9:B6:95"}}},"request":{"raw":"GET /si/d8/b1/09/d8b109165fc0ec08002c14fd9e81f6ece67b955e786b918b73abb33e5be5188f.png HTTP/1.1\r\nHost: cdn.storageimagedisplay.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 05 Jan 2026 22:45:23 GMT\r\ncontent-type: image/png\r\ncontent-length: 57237\r\nserver: nginx/1.21.6\r\nlast-modified: Sun, 11 May 2025 14:02:30 GMT\r\netag: \"6820adf6-df95\"\r\nexpires: Wed, 07 Jan 2026 22:45:23 GMT\r\ncache-control: max-age=172800\r\nx-cdn-host-id: AH0543\r\nx-proxy-cache: HIT\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":57237,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 320 x 240, 8-bit/color RGBA, non-interlaced","md5":"423a240fbfb182d7805dad3bb9e822bb","sha1":"6a853689b2cc95a6c36b98e6938e598bf2a28d52","sha256":"da19475c70c6669a83473eb52dec1feb61e629e374fdd426dd02024080d0b1a6","sha512":"98e063f429420821aa55688891aa4426d16d9e7ffa44f92f8d9d7f3e3870007872a66a718185428f197db14d070b7254e92a2cc7734cc54c39034c808daa7c8f","ssdeep":"1536:BP5oFAaPeX990yL036TelNvY6lEFLXmLw2JR:FWqaPeXz0yLDe7luXyH","tlshash":"ab430224ff03e61784be24af91eae88f1f6421bfb5b092807770221445b7c6b4282463","first_seen":"2025-05-16T16:44:08.672031Z","last_seen":"2026-04-20T09:46:39.636152Z","times_seen":3687,"resource_available":false,"data":null}},"time_used":190,"timings":{"blocked":54,"dns":0,"connect":21,"send":0,"wait":62,"receive":13,"ssl":35},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"villainindiscreetnewsletter.com/ntv.json?key=e334b1dced9b7de054ba28a632e99804\u0026vstc=2\u0026rb=","fqdn":"villainindiscreetnewsletter.com","domain":"villainindiscreetnewsletter.com","tld":"com"},"ip":{"addr":"172.240.127.242","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:23.241Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"villainindiscreetnewsletter.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:13:20 GMT","end":"Thu, 19 Mar 2026 08:13:19 GMT"},"fingerprint":{"sha1":"D5:23:91:2A:01:76:E9:21:D6:E1:A0:D0:D7:3C:60:84:45:1F:92:79","sha256":"B3:C9:9E:18:21:46:C6:95:3C:51:EF:26:D3:F2:52:23:93:17:07:3F:2A:7D:CA:59:E6:68:6A:72:9C:F2:0D:AB"}}},"request":{"raw":"GET /ntv.json?key=e334b1dced9b7de054ba28a632e99804\u0026vstc=2\u0026rb= HTTP/1.1\r\nHost: villainindiscreetnewsletter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pasteflash.sx\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl28090609=1; nlece334b1dced9b7de054ba28a632e99804=[5941311]\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:23 GMT\r\nContent-Type: application/json\r\nContent-Length: 5550\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://pasteflash.sx\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uncs=2; expires=Tue, 06 Jan 2026 22:45:23 GMT; path=/; secure; SameSite=None\nuncs49=2; expires=Tue, 06 Jan 2026 22:45:23 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 9\r\nHost: villainindiscreetnewsletter.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 70a88b37c8ec3f2fec9701ac48a6c5e0\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":8161,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"c543f2dde89fe51eca6312922ea85230","sha1":"fecb9ebed1c6acb292e018ce52c8d3821f29d300","sha256":"8c1cdca803adb335d54c3a3959444f52ae2dc8acbdf14d747ac34a1da4839b4b","sha512":"511d30e41fd663a061cf3788a4210420bcf0890dda678f5c8d3528def7608a6f86e1cadb58c25e9af837966db7f6a9c144d25c5e0c1b491ac0e9e68d24bee93d","ssdeep":"192:S5Wvizgmu4S4mhlBUl3mWF2vwvJYIH5Y+v:S5WviUN4SpluFF2vwvJYIHjv","tlshash":"adf19ff39c6512cd0d35b1f60dcf2667acf32750b49c4e0a513b7b2e31309a94619e1a","first_seen":"2026-01-05T22:45:51.477062Z","last_seen":"2026-01-05T22:45:51.477062Z","times_seen":1,"resource_available":false,"data":null}},"time_used":107,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":107,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"villainindiscreetnewsletter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"villainindiscreetnewsletter.com/impr.gif?sid=H4sIAAAAAAAC_1RSz2skRRSunuS0HsR18TzoRUEm3dOdZMY9ROOaEIxJTCIBfxyqu6onZWq62qrq6cl4iQZkj8GTeup8k2x0DYviTRDCxIsEhO2L5rAB8S8QYfEiyCQDcR_Ue9-rrw7v-159tp9dEB8ZPV95S_WElHRisuZWX9wQCVO5qS6tVz235t6ubohkKrhd7Q6T7rzi-UHNfak6z6MtNVF3Pdf1XK86JzSPVXfikoVIj5terenWgnrNmwzQ1U_2JnNgqAPWuSA3IVj59J_xexDRAEn7uzvcbFmVvvxGO5PUKo0OO3on2UpUnqB9DWPtIE6ORq-hTEnIFxWo5GikAKpzMFSAUJSk8twjhMnRaEyEncOrSUMJniBkTyHvDMDlAIIOEKldCPaQABHD0jKS9r0lpXO6fcXSIVuS8cd_Q-QlGX90C0n7wawU3eqakpkVKjHoxgVEdwDRGiDNTmF7DkR-ish-CsF-JROPF5G0D5aNVBCsuFQv4gGocZANj3CQxQ6y1EGbnVcDtxFEHvWn4iaLpt2ABgHjodts1F2XNqNpZNEnEGwPkd5BqnewJfagsxOYzQKGOTC2JM7bO-iwAjknyA1BTglyQZBbgrxTHDJp6qa4x6TJQm9U66PqF31lW_v0UNkWTwio3oNmxYFIPzK7iOxYvxcb1lfDRENb9GnIiv30gjwzdMs5Lv7CFj-vct8PQo9FnDXDacbdySCk9Qad8uu82Wy4AYwoIEzl0oieKMnaCxdIxcNX_0VIT2HkKSLxPGjmgeYF6GaBXvLDprWpSamxPJbUbNYi1QZTBVI7Drvt7MsL8mx_dX325HJz7349Ax6dzdjeH_MPbn2MSBdIdYEPxc8ELXm3v6pycrCqckO-X06taIseHW51zVLLx-6_ybdzpdnCHbP3zWvRkBjC43Vu7CJNmEhahnw7Kxjjek7piJOfFswGD1cyszmb6SRLF1den1top5obI1QyABUluXFyH5Eoyc3fdi9_rD__D6J0ByY9I6OAUQRhWoEUBJJf39OwgPlfH17jfXMXLV0BtbtI2gU6ukBHFqByDya70bepPpv55cthfIVQVvqh1JWDUGr5eUk--P3HK7OMOK_GPq9HrtuYnvL8Rsw9P2BRPNkImmyKur7PYU0p3p8Z-y8AAP__2781llkEAAA=","fqdn":"villainindiscreetnewsletter.com","domain":"villainindiscreetnewsletter.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:23.250Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"villainindiscreetnewsletter.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:13:20 GMT","end":"Thu, 19 Mar 2026 08:13:19 GMT"},"fingerprint":{"sha1":"D5:23:91:2A:01:76:E9:21:D6:E1:A0:D0:D7:3C:60:84:45:1F:92:79","sha256":"B3:C9:9E:18:21:46:C6:95:3C:51:EF:26:D3:F2:52:23:93:17:07:3F:2A:7D:CA:59:E6:68:6A:72:9C:F2:0D:AB"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RSz2skRRSunuS0HsR18TzoRUEm3dOdZMY9ROOaEIxJTCIBfxyqu6onZWq62qrq6cl4iQZkj8GTeup8k2x0DYviTRDCxIsEhO2L5rAB8S8QYfEiyCQDcR_Ue9-rrw7v-159tp9dEB8ZPV95S_WElHRisuZWX9wQCVO5qS6tVz235t6ubohkKrhd7Q6T7rzi-UHNfak6z6MtNVF3Pdf1XK86JzSPVXfikoVIj5terenWgnrNmwzQ1U_2JnNgqAPWuSA3IVj59J_xexDRAEn7uzvcbFmVvvxGO5PUKo0OO3on2UpUnqB9DWPtIE6ORq-hTEnIFxWo5GikAKpzMFSAUJSk8twjhMnRaEyEncOrSUMJniBkTyHvDMDlAIIOEKldCPaQABHD0jKS9r0lpXO6fcXSIVuS8cd_Q-QlGX90C0n7wawU3eqakpkVKjHoxgVEdwDRGiDNTmF7DkR-ish-CsF-JROPF5G0D5aNVBCsuFQv4gGocZANj3CQxQ6y1EGbnVcDtxFEHvWn4iaLpt2ABgHjodts1F2XNqNpZNEnEGwPkd5BqnewJfagsxOYzQKGOTC2JM7bO-iwAjknyA1BTglyQZBbgrxTHDJp6qa4x6TJQm9U66PqF31lW_v0UNkWTwio3oNmxYFIPzK7iOxYvxcb1lfDRENb9GnIiv30gjwzdMs5Lv7CFj-vct8PQo9FnDXDacbdySCk9Qad8uu82Wy4AYwoIEzl0oieKMnaCxdIxcNX_0VIT2HkKSLxPGjmgeYF6GaBXvLDprWpSamxPJbUbNYi1QZTBVI7Drvt7MsL8mx_dX325HJz7349Ax6dzdjeH_MPbn2MSBdIdYEPxc8ELXm3v6pycrCqckO-X06taIseHW51zVLLx-6_ybdzpdnCHbP3zWvRkBjC43Vu7CJNmEhahnw7Kxjjek7piJOfFswGD1cyszmb6SRLF1den1top5obI1QyABUluXFyH5Eoyc3fdi9_rD__D6J0ByY9I6OAUQRhWoEUBJJf39OwgPlfH17jfXMXLV0BtbtI2gU6ukBHFqByDya70bepPpv55cthfIVQVvqh1JWDUGr5eUk--P3HK7OMOK_GPq9HrtuYnvL8Rsw9P2BRPNkImmyKur7PYU0p3p8Z-y8AAP__2781llkEAAA= HTTP/1.1\r\nHost: villainindiscreetnewsletter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl28090609=1; nlece334b1dced9b7de054ba28a632e99804=[5941311]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:23 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nset-cookie: iprc_l+502970cc2f9f744e7acbde213f0828a6=5941311; expires=Tue, 06 Jan 2026 22:45:23 GMT; path=/; secure; SameSite=None\niprc_l:5941311=1; expires=Tue, 06 Jan 2026 22:45:23 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 3\r\nHost: villainindiscreetnewsletter.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 95751a33e124d7f8b1aa406e751308e4\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":651,"timings":{"blocked":272,"dns":1,"connect":93,"send":0,"wait":96,"receive":0,"ssl":186},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"villainindiscreetnewsletter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/impr.gif?sid=H4sIAAAAAAAC_1SSv28cxRvGZx0XX31TIMCiQzoFiiDwefd2fT9I4WCMg4WxjW1koVAwuzN7Hry3s8zM3p6vMlhCKU1HQbF-zo5FiAIoNSI601lC8kLjIlZQ_gEQUTokdOeTIt7ifd_RZ6R5n-edL_fTc-IipWcr78uuiCI6NV22S1c3RMxkpktL6yXHLtvXShsirnrXSp1BUu03Hdcr26-VbvBgS05VbMe2HdspzQvFQ9mZGlKI5G7DKTfsslcpO9MeOuq_Z51a0NQCa5-TFyBY8dzj8CZE0Efc-mGO6y0jkzfeaaURNVKhzY4-jLdimcVoPWtDZSGMj0a3IXVByNdjkPHRSAFk-2CgAL4oyNhLD-HHR6Mx4bcPLyb1I_AYPruMrN0Hj_oQtI9A7kKwUwIEDEvLiFu3l6TK6PYFpQNakPGnf0NkBRl_OIG4dW82Ep3SmoxSI2Ss0QlziE4fotlHkh7DdC2I7BiB-QKC_Uqmni4ibh0s60hCsLNXvdCmTiMMJx3u-JOeF3iTNKy7k7xWow3fr_KgQocWibAPqi8h1RZSYSENLaSJhRY7K3l23Qsc6lbDBgtqtkc9j3HfbtQrtk0bQQ1p8DkE20OgdpCoHWyJPaj0AfRmDs3GoE1BrA-20WY5Mk6QaYKMEmSCIDMEWTs_ZJGu6Pw2i3TqO6NaGVU370nT3KeH0jR5TEDVHhTLD0Tymd5FYC71uqFmPTlI1Dd5j_os30_OyfMDS63vn1Swxc9KjFYarleveaxmVxsu4w6v-I5dc23qU85caJFD6DFQbaErCrL2yjkScXr9H_j0GDo6RiCugKYvg2Y56GaObnx_05hEJ1QbHkZUb5YD2QKTORIzDrNt7Ufn5MXe6vrsg-F6P5m7Ah6cXP_fRPePG_cmEKgcicrxqfiFoBnd6q3KjBysykyTH5cTI1qiSwerXzPU8PE77_HtTCq2MKf3vn0rGIBBe3eda7NIYybipibfzQrGuJqXKuDkpwW9wf2VVG_OpipOk8WVt-cXWoniWgsZ90FFQf7_zesIREEmrs4Mv_X0k0cIkh3o5GTmsTsMaEngJxYiUZB3bz5CxE9mTj-6_3vx1x1QP4fmzzT5_OTnP8kw9vUtNJUFanYRt3K0VY52lINGe9DppZ5J1MnMb6M3_Mjq-ZGyDvxIRV9deKXFWSl0eSWw7Xqt6rj1kDuux4Jwuu41WJXarsthdCE-nrn8bwAAAP__mSj8rX0EAAA=","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:32.757Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Dec 2025 00:11:03 GMT","end":"Sun, 29 Mar 2026 00:11:02 GMT"},"fingerprint":{"sha1":"93:86:61:9F:2D:73:66:D5:37:73:1C:FE:70:C8:9F:23:B1:C8:8A:D6","sha256":"9D:5E:D7:81:B8:B1:D7:5F:1F:E3:92:85:57:6C:B5:66:34:D6:DE:4F:AA:6C:8B:E9:92:36:D1:CC:BF:CC:45:D3"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1SSv28cxRvGZx0XX31TIMCiQzoFiiDwefd2fT9I4WCMg4WxjW1koVAwuzN7Hry3s8zM3p6vMlhCKU1HQbF-zo5FiAIoNSI601lC8kLjIlZQ_gEQUTokdOeTIt7ifd_RZ6R5n-edL_fTc-IipWcr78uuiCI6NV22S1c3RMxkpktL6yXHLtvXShsirnrXSp1BUu03Hdcr26-VbvBgS05VbMe2HdspzQvFQ9mZGlKI5G7DKTfsslcpO9MeOuq_Z51a0NQCa5-TFyBY8dzj8CZE0Efc-mGO6y0jkzfeaaURNVKhzY4-jLdimcVoPWtDZSGMj0a3IXVByNdjkPHRSAFk-2CgAL4oyNhLD-HHR6Mx4bcPLyb1I_AYPruMrN0Hj_oQtI9A7kKwUwIEDEvLiFu3l6TK6PYFpQNakPGnf0NkBRl_OIG4dW82Ep3SmoxSI2Ss0QlziE4fotlHkh7DdC2I7BiB-QKC_Uqmni4ibh0s60hCsLNXvdCmTiMMJx3u-JOeF3iTNKy7k7xWow3fr_KgQocWibAPqi8h1RZSYSENLaSJhRY7K3l23Qsc6lbDBgtqtkc9j3HfbtQrtk0bQQ1p8DkE20OgdpCoHWyJPaj0AfRmDs3GoE1BrA-20WY5Mk6QaYKMEmSCIDMEWTs_ZJGu6Pw2i3TqO6NaGVU370nT3KeH0jR5TEDVHhTLD0Tymd5FYC71uqFmPTlI1Dd5j_os30_OyfMDS63vn1Swxc9KjFYarleveaxmVxsu4w6v-I5dc23qU85caJFD6DFQbaErCrL2yjkScXr9H_j0GDo6RiCugKYvg2Y56GaObnx_05hEJ1QbHkZUb5YD2QKTORIzDrNt7Ufn5MXe6vrsg-F6P5m7Ah6cXP_fRPePG_cmEKgcicrxqfiFoBnd6q3KjBysykyTH5cTI1qiSwerXzPU8PE77_HtTCq2MKf3vn0rGIBBe3eda7NIYybipibfzQrGuJqXKuDkpwW9wf2VVG_OpipOk8WVt-cXWoniWgsZ90FFQf7_zesIREEmrs4Mv_X0k0cIkh3o5GTmsTsMaEngJxYiUZB3bz5CxE9mTj-6_3vx1x1QP4fmzzT5_OTnP8kw9vUtNJUFanYRt3K0VY52lINGe9DppZ5J1MnMb6M3_Mjq-ZGyDvxIRV9deKXFWSl0eSWw7Xqt6rj1kDuux4Jwuu41WJXarsthdCE-nrn8bwAAAP__mSj8rX0EAAA= HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nCookie: uid_id2=4f0a19ff-1e1b-44c4-af83-e77a9bb6ec2a:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl28308530=1; slecda2934874d70693de1e2b10730abaed3=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:32 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nset-cookie: iprc_l+44a0fd7c5a035676d124cc82052f5a08=6308898; expires=Tue, 06 Jan 2026 22:45:32 GMT; path=/; secure; SameSite=None\niprc_l:6308898=1; expires=Tue, 06 Jan 2026 22:45:32 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 3\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 32a9467e67a82148d088b80fb35b2e2e\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":98,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":98,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.cdn4ads.com/ljquery.jsonp.min.css","fqdn":"www.cdn4ads.com","domain":"cdn4ads.com","tld":"com"},"ip":{"addr":"95.173.205.15","port":443,"asn":60068,"as":"Datacamp Limited","country":"Norway","country_code":"NO"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:21.288Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"1037973644.rsc.cdn77.org","organization":""},"issuer":{"commonName":"E8","organization":"Let's Encrypt"},"validity":{"start":"Wed, 12 Nov 2025 14:38:09 GMT","end":"Tue, 10 Feb 2026 14:38:08 GMT"},"fingerprint":{"sha1":"A0:57:5F:15:42:AC:10:94:C2:93:0A:71:50:CD:A4:70:48:15:E8:4D","sha256":"18:6A:15:2A:B8:EB:FC:88:BE:D9:89:BC:69:B1:A5:B3:99:8B:A5:20:F5:5C:BF:69:F8:63:94:75:61:B8:80:0A"}}},"request":{"raw":"GET /ljquery.jsonp.min.css HTTP/1.1\r\nHost: www.cdn4ads.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pasteflash.sx\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 05 Jan 2026 22:45:21 GMT\r\ncontent-type: application/x-javascript\r\npopads-node: wb6\r\nexpires: Tue, 06 Jan 2026 09:04:14 GMT\r\naccess-control-allow-origin: https://pasteflash.sx\r\nlink: \u003chttps://cdn4ads.com/\u003e;rel=preconnect\r\ncache-control: public, max-age=604800\r\nx-77-nzt: EwwBX63NDQHXrHEIAAwBuUwKAQH3mjcAAAwBw7WvBgG3LAAAAA\r\nx-77-nzt-ray: 2a494a1583368f9d263f5c6955037b10\r\nx-77-cache: HIT\r\nx-77-age: 553388\r\nvary: Accept-Encoding, Origin\r\ncontent-encoding: gzip\r\nserver: CDN77-Turbo\r\nx-77-pop: osloNO\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"CDN77","description":"CDN77 is a content delivery network (CDN).","website":"https://www.cdn77.com","common_platform_enumeration":"","icon":"CDN77.png","categories":["CDN"]}],"data":{"size":41922,"size_decoded":0,"mime_type":"application/x-javascript","magic":"JavaScript source, ASCII text, with very long lines (1568)","md5":"8dec5a628accef41958e35732c981ec8","sha1":"8525d015ecc3aa9fbed456d22a037556866633e3","sha256":"cdc470ed30f784d93ca7e174c61791fb8ad4f37dc8c1caae0c9342a39454a4b6","sha512":"3622efea19a633caa099cdb23b3e8b401222aa27c987a405a6161e8caf382e310457f11961855dfe3bce9dd87d05fdbaacd4f702937ced9e43246e9e81400579","ssdeep":"768:bt9rqAYKK2ZzFQ9JsQU+YDngZGihfzmMzhYrTsAysncCWcf5k5sigCbbLCntlqod:bb9ZzFQ9JsTgZvfzmMzhYrTscpEZw","tlshash":"8b1329aab286282601e742b9503eb317b23305167912d458fcb9cdf96e3dd86117b7fc","first_seen":"2026-01-03T04:30:22.51299Z","last_seen":"2026-01-06T04:09:54.072211Z","times_seen":4,"resource_available":true,"data":null}},"time_used":33,"timings":{"blocked":-1,"dns":19,"connect":1,"send":0,"wait":1,"receive":0,"ssl":9},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"6.adsco.re/","fqdn":"6.adsco.re","domain":"adsco.re","tld":"re"},"ip":{"addr":"104.16.84.77","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:21.756Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.adsco.re","organization":"Adscore Technologies DMCC"},"issuer":{"commonName":"Sectigo Public Server Authentication CA OV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 15 Sep 2025 00:00:00 GMT","end":"Thu, 01 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EC:13:B4:EC:A8:B2:CD:2E:12:E1:84:0E:E5:64:5D:88:D5:CA:3A:59","sha256":"C9:35:54:5E:EF:18:4E:21:62:7D:1D:23:55:D2:B9:CC:68:48:01:7B:AC:A5:8B:D9:3D:71:85:DC:07:17:02:2F"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: 6.adsco.re\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pasteflash.sx\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 05 Jan 2026 22:45:21 GMT\r\ncontent-type: text/plain;charset=UTF-8\r\ncontent-length: 45\r\ncf-ray: 9b96816b38b249c5-OSL\r\naccess-control-allow-origin: https://pasteflash.sx\r\ncache-control: private, max-age=300, immutable, stale-if-error=300, stale-while-revalidate=300\r\naccess-control-allow-headers: Content-Type\r\naccess-control-allow-methods: GET, HEAD, OPTIONS\r\naccess-control-expose-headers: *\r\naccess-control-max-age: 2592000\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":45,"size_decoded":0,"mime_type":"text/plain; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"5b41cb22f84f645a103acc7bfbf084ff","sha1":"bac3967b26d5ec4a0d09a580714e8219796816bd","sha256":"709f0a0dfab9f9e074f4a4a348dcb09150838284d21e75cfb9e5ceaeeb2054bc","sha512":"772066ed1119519a19884fc94de2c9f2cc538b4528d9e2651a89b93d65bd4000b18297bfbdd8903b65146858935d33cac048c321dad2ea4f1f84ca6dd9b7d98f","ssdeep":"","tlshash":"7990041154441d34dc45470c4f0d0f0553dc5153df377374ddc50f0414531344141d00","first_seen":"2023-04-05T06:05:36Z","last_seen":"2026-03-30T19:07:46.969854Z","times_seen":25700,"resource_available":true,"data":null}},"time_used":98,"timings":{"blocked":39,"dns":32,"connect":1,"send":0,"wait":11,"receive":1,"ssl":11},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/css/magic.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:31.753Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 25 Dec 2025 22:26:15 GMT","end":"Wed, 25 Mar 2026 23:23:44 GMT"},"fingerprint":{"sha1":"05:E7:A3:19:D2:55:91:F8:B7:45:48:72:0B:86:C7:0C:2C:CA:27:03","sha256":"14:76:91:36:84:B6:CF:C4:0A:BA:6F:14:80:F9:C7:77:48:3B:08:A3:C8:48:DC:0F:F6:CE:86:72:BB:CC:0B:06"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/css/magic.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pasteflash.sx\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 05 Jan 2026 22:45:32 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:55:56 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"68b9703c-affe\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=9w6PNhttrdP7uk5YdJF3vAtmS7CM0dwryvz3qr7susO0BbhQJi0m9Bl8ZTFOJVW9O%2Fmc%2BBsVAHRtFa694AwxIbQ5quSYrpleIwrVDoyE2vc%3D\"}]}\r\ncf-ray: 9b9681a99cbf4c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":45054,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"bcd1967f8c2604f55f57197de0ae895e","sha1":"c31a10c3ecde74b50450a0a1ad21aa474ff05e7d","sha256":"787eac5d9417257a04de7b18ef21f5ec887de3aee642ceba9a7d56a8209eea2a","sha512":"b37f1a61bbe740bc29308e664227701366ac978d4fbed081f13c47200edd74a792ab980559a236cff39ae27d3fda3ffffef3f1ac2dc420612b616496b44e9df8","ssdeep":"384:lQLl1pRp0itimTKDbObwHuHXFlF7FPFSWRyYyRZZZaZjZPfbfUO3OipypE:GpRp0itiFbObwHuHXFlF7FPFSWX","tlshash":"b913276b2dd2114086564365a3fe6b2c261c85c31c6becfab3a218ce8f1567c53db61f","first_seen":"2025-06-11T18:18:27.729381Z","last_seen":"2026-04-19T18:43:01.432291Z","times_seen":5649,"resource_available":false,"data":null}},"time_used":542,"timings":{"blocked":27,"dns":1,"connect":1,"send":0,"wait":484,"receive":0,"ssl":25},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"sourshaped.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fcss%2Fmagic.css\u0026l=45054\u0026fd=526","fqdn":"sourshaped.com","domain":"sourshaped.com","tld":"com"},"ip":{"addr":"172.240.108.84","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:32.273Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"sourshaped.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Mon, 29 Dec 2025 00:11:03 GMT","end":"Sun, 29 Mar 2026 00:11:02 GMT"},"fingerprint":{"sha1":"93:86:61:9F:2D:73:66:D5:37:73:1C:FE:70:C8:9F:23:B1:C8:8A:D6","sha256":"9D:5E:D7:81:B8:B1:D7:5F:1F:E3:92:85:57:6C:B5:66:34:D6:DE:4F:AA:6C:8B:E9:92:36:D1:CC:BF:CC:45:D3"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fcss%2Fmagic.css\u0026l=45054\u0026fd=526 HTTP/1.1\r\nHost: sourshaped.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nCookie: uid_id2=4f0a19ff-1e1b-44c4-af83-e77a9bb6ec2a:3:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl28308530=1; slecda2934874d70693de1e2b10730abaed3=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:32 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: sourshaped.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":169,"timings":{"blocked":71,"dns":0,"connect":0,"send":0,"wait":96,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"sourshaped.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"villainindiscreetnewsletter.com/ntv.json?key=e334b1dced9b7de054ba28a632e99804\u0026vstc=2\u0026rb=","fqdn":"villainindiscreetnewsletter.com","domain":"villainindiscreetnewsletter.com","tld":"com"},"ip":{"addr":"172.240.127.242","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:23.212Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"villainindiscreetnewsletter.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:13:20 GMT","end":"Thu, 19 Mar 2026 08:13:19 GMT"},"fingerprint":{"sha1":"D5:23:91:2A:01:76:E9:21:D6:E1:A0:D0:D7:3C:60:84:45:1F:92:79","sha256":"B3:C9:9E:18:21:46:C6:95:3C:51:EF:26:D3:F2:52:23:93:17:07:3F:2A:7D:CA:59:E6:68:6A:72:9C:F2:0D:AB"}}},"request":{"raw":"GET /ntv.json?key=e334b1dced9b7de054ba28a632e99804\u0026vstc=2\u0026rb= HTTP/1.1\r\nHost: villainindiscreetnewsletter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://pasteflash.sx\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nCookie: pdhtkv=true; uncs=1; pdhtkv49=true; uncs49=1; u_pl28090609=1; nlece334b1dced9b7de054ba28a632e99804=[5941311]\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:23 GMT\r\nContent-Type: application/json\r\nContent-Length: 5491\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://pasteflash.sx\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uncs=2; expires=Tue, 06 Jan 2026 22:45:23 GMT; path=/; secure; SameSite=None\nuncs49=2; expires=Tue, 06 Jan 2026 22:45:23 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 12\r\nHost: villainindiscreetnewsletter.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 2fedb798c658d07c25572314ce227f54\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":8158,"size_decoded":0,"mime_type":"application/json","magic":"JSON text data","md5":"3a0ddd8f1e8eaf4f669389146f60b9d0","sha1":"a3effd681f1338fa5fcadd34b531193bbf59f29e","sha256":"4ec08fbb09ebc17c48441ce52eb1e345e6b0967d46ca525e931c82c8468ea0e7","sha512":"292a6a3f37813d7906ca389fb7c23423fb560e3dc70491d7b142f93828c2474027530ecc1618d101fb33d10290b28556d935268e3bd8cb058d66a16a05d7e552","ssdeep":"96:7HV6iPKFlzHyH27bvnWSfUsVp5C0n0DOooYVgUMYaLw9M8qHID1aku0jWuHW4u:70i4lzn3nWS5vn0DNoKMY9MnOYsjWu8","tlshash":"61f18db3e65963a60a395988429bc53f98d82840fcd5fdccc33d7cbe3866547272ac21","first_seen":"2026-01-05T22:45:51.480892Z","last_seen":"2026-01-05T22:45:51.480892Z","times_seen":1,"resource_available":false,"data":null}},"time_used":106,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":105,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"villainindiscreetnewsletter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"villainindiscreetnewsletter.com/impr.gif?sid=H4sIAAAAAAAC_4RTz4scRRuumYTvkO8gGvE8qAcVme2e7t2dNofoGiPBmMQkkkMMUl1VPVNOTVdbVT09mVM0EIKnxZN6seeZya7RRRSvKmEiggSEzMkFsxf_giDkJkjPDqyefKHeH89Th_d5660b43yPBMjp7rk39UgqRVdWm17juUsy5bqwjTMXG77X9I41Lsl0LTzWGFbODF7yg7DpPd94XbCeXml5vuf5nt84KY1I9HBlwUJmO5HfjLxm2Gr6qyGG5t-1zeuwtA4-2CNPQPL5Y38klyHZDGn_mxPC9pzOXnytnyvqtMGAb7-d9lJdpOgfpImpIUm3l7eh7ZyQT-rQ6fZSAfRgWilALOek_tQDxOn2sk3Eg1v7ncYKIkXM_49iMINQM0g6A9PXIfl9AjCOM2eR9rfOaFPQq_ssrdg5OfzoT8hiTg4_eBJp_-sNJYeNC1rlTurUYpiUkMMZZGeGLJ_BjWqQxV0w9yEk_5WsPDqNtD89a5WG5OVCvUxmoLaGvDqyhjypIc9q6PPdRui1Q-bTYC2JOFv3QhqGXMRe1G55Ho3YOnL2ASTfBDM3tjLedb3B1JlcTPOU2bH_xT4URgtwqwLDaOzv5O9mqtX2Im_Ni8b-7rOpEkwEQRj7nAkexetceKthTFttuha0RBS1vfD25dUo9APfv4LMXENPbsLkd2C7JSyvw7o5qb11DQNeohAEhSUoKEEhCQpHUAzKW1zZli23uLJ57C9jaxmDcqJdZ0xvadcRKQE1mzC8nMrsfXsdzB2ajBLLJ7pyNHblhMa8HGd75PHqWWo75UP0xG7jv1TAyhLS1hcTH8k5ufDMHjJ5_-W_ENO7sOoumHwaNPdBixK0W2KUftd1LrMZtU4kitpuk-k-uC6RucNwV2tjtUeOTs5f3LizWJErv30Pwe6RpYGZEpkp8Z78iaCjbk7O64JMz-vCkm_PZk725YhW63PBUSf-9-Ub4mqhDT91wm7efoVVRJXuXBTWnaYpl2nHkq82JOfCnNSGCfLDKXtJxOdy293ITZpnp8-9evJUPzPCWqnTGaickyMPPwKTc3L0x88XX2P1hd_Bsmuw2UGfVhPEWQ1KEihxgNO4hP1HHR_kY3sTHVMHddeR9ksMTImBKkHVJmx-ZOIyc-_4L59W9hliVZ_EytSnsTLq48WcKvczrNxtJIFoMc9rr6_5QTsRfhBylqy2w4ivUS8IBJydy3eOH_o7AAD__63j_JvCBAAA","fqdn":"villainindiscreetnewsletter.com","domain":"villainindiscreetnewsletter.com","tld":"com"},"ip":{"addr":"172.240.127.242","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:23.315Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"villainindiscreetnewsletter.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:13:20 GMT","end":"Thu, 19 Mar 2026 08:13:19 GMT"},"fingerprint":{"sha1":"D5:23:91:2A:01:76:E9:21:D6:E1:A0:D0:D7:3C:60:84:45:1F:92:79","sha256":"B3:C9:9E:18:21:46:C6:95:3C:51:EF:26:D3:F2:52:23:93:17:07:3F:2A:7D:CA:59:E6:68:6A:72:9C:F2:0D:AB"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_4RTz4scRRuumYTvkO8gGvE8qAcVme2e7t2dNofoGiPBmMQkkkMMUl1VPVNOTVdbVT09mVM0EIKnxZN6seeZya7RRRSvKmEiggSEzMkFsxf_giDkJkjPDqyefKHeH89Th_d5660b43yPBMjp7rk39UgqRVdWm17juUsy5bqwjTMXG77X9I41Lsl0LTzWGFbODF7yg7DpPd94XbCeXml5vuf5nt84KY1I9HBlwUJmO5HfjLxm2Gr6qyGG5t-1zeuwtA4-2CNPQPL5Y38klyHZDGn_mxPC9pzOXnytnyvqtMGAb7-d9lJdpOgfpImpIUm3l7eh7ZyQT-rQ6fZSAfRgWilALOek_tQDxOn2sk3Eg1v7ncYKIkXM_49iMINQM0g6A9PXIfl9AjCOM2eR9rfOaFPQq_ssrdg5OfzoT8hiTg4_eBJp_-sNJYeNC1rlTurUYpiUkMMZZGeGLJ_BjWqQxV0w9yEk_5WsPDqNtD89a5WG5OVCvUxmoLaGvDqyhjypIc9q6PPdRui1Q-bTYC2JOFv3QhqGXMRe1G55Ho3YOnL2ASTfBDM3tjLedb3B1JlcTPOU2bH_xT4URgtwqwLDaOzv5O9mqtX2Im_Ni8b-7rOpEkwEQRj7nAkexetceKthTFttuha0RBS1vfD25dUo9APfv4LMXENPbsLkd2C7JSyvw7o5qb11DQNeohAEhSUoKEEhCQpHUAzKW1zZli23uLJ57C9jaxmDcqJdZ0xvadcRKQE1mzC8nMrsfXsdzB2ajBLLJ7pyNHblhMa8HGd75PHqWWo75UP0xG7jv1TAyhLS1hcTH8k5ufDMHjJ5_-W_ENO7sOoumHwaNPdBixK0W2KUftd1LrMZtU4kitpuk-k-uC6RucNwV2tjtUeOTs5f3LizWJErv30Pwe6RpYGZEpkp8Z78iaCjbk7O64JMz-vCkm_PZk725YhW63PBUSf-9-Ub4mqhDT91wm7efoVVRJXuXBTWnaYpl2nHkq82JOfCnNSGCfLDKXtJxOdy293ITZpnp8-9evJUPzPCWqnTGaickyMPPwKTc3L0x88XX2P1hd_Bsmuw2UGfVhPEWQ1KEihxgNO4hP1HHR_kY3sTHVMHddeR9ksMTImBKkHVJmx-ZOIyc-_4L59W9hliVZ_EytSnsTLq48WcKvczrNxtJIFoMc9rr6_5QTsRfhBylqy2w4ivUS8IBJydy3eOH_o7AAD__63j_JvCBAAA HTTP/1.1\r\nHost: villainindiscreetnewsletter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nCookie: pdhtkv=true; uncs=2; pdhtkv49=true; uncs49=2; u_pl28090609=1; nlece334b1dced9b7de054ba28a632e99804=[5941311]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:23 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\nvary: Origin\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: villainindiscreetnewsletter.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 113989995821ef254908db404fd79e0d\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":148,"timings":{"blocked":53,"dns":0,"connect":0,"send":0,"wait":95,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"villainindiscreetnewsletter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"villainindiscreetnewsletter.com/impr.gif?sid=H4sIAAAAAAAC_1RTz4scRRSu2QQP8SAa8TyoBxV3tvrH7EybQ3SNkWBMQhLJQUWqq6p3y-3paquqpydzMgYleFo8qRd7vpnsRl1E8RwNEy8SEDIn95C9-BcEITdBenZg9UG9H_V9h_e-evXZqNgnAQq2d-FtPVRpylbaLdp84YrKhC5t89zlpkdb9ETzispWwxPNQe1M_xUvCFv0xeabkm_qFZ96lHrUa55WRiZ6sDJHofLdyGtFtBX6La8dYmD-X9viCCw7AtHfJ09BidkTfyXvQvEpst6Pp6TddDp_-Y1ekTKnDfpi551sM9Nlht5hmpgGkmxnwYa2M0K-XILOdhYTQPcn9QSI1YwsPfMAcbazaBNx_-ZBp3EKmSEWj6PsTyHTKRSbguvrUOI-AbjAufPIetvntCnZ1QOU1eiMHH30N1Q5I0cfPI2s98NaqgbNSzotnNKZxSCpoAZTqPUp8mIKN2xAlXfB3SdQ4g-y8ugsst7kvE01lNh7vtORgkZtf5nKJFwOvVAus247WhZcSN4VIQ1iMZdIJVMw20BRH9VAkTRQ5A30xF4zpN2QeyxYTSLBOzRkYShkTKOuTymLeAcFvwYltsDNp7dyseE2-2E0caaQ20XGbRiN_N3igzz1uzSiqzQaedsHrDlnUnNGPnJz7ZYIOjKIeTiKsam2YIo7sBsVrGjAOoK-qFBKgtISlIygVASlIyj71U2RWt9W2yK1Rewtor-IQTXWbn3Ebmq3LjMCZrZgRDVR-Uf2Org7Mh4mVox17VjsqjGLRTXK98mT9ZM0dquH2JR7TRkEYewJLkUUd4Sk7TBmfpetBr6Moi4NYVUFZZfmQg7VjFx6bh-5uv_qP4jZXdj0Lrh6FqzwwMoKbKPCMPt5w7nc5sw6maTMbrS47kHoCrk7Cne1MUr3yfHxxctrd-br8f6ftyH5PbIwcFMhNxU-VL8RrKc3xhd1SSYXdWnJT-dzp3pqyOrVueSYk49995a8WmojzpyyW9--xmugTncvS-vOskyobN2S79eUENKc1oZLcvuMvSLjC4XdWCtMVuRnL7x--kwvN9JapbMpmJqRYw8_B1czcvyXb-bfov3SA_D8Y9j8sE-rCeK8gVQRpPLwnsUV7H_q-DAf2RtYN0tg7jqyXoW-qdBPK7B0C7Y4Nna5uXfy969q-xpxujSOU7M0iVOTfjHXqXa_wqq9ZhJIn1Pa7ax6QTeRXhAKnrS7YSRWGQ0CCWdn6r2Tx_4NAAD__1dEG46-BAAA","fqdn":"villainindiscreetnewsletter.com","domain":"villainindiscreetnewsletter.com","tld":"com"},"ip":{"addr":"172.240.108.68","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:30.938Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"villainindiscreetnewsletter.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Fri, 19 Dec 2025 08:13:20 GMT","end":"Thu, 19 Mar 2026 08:13:19 GMT"},"fingerprint":{"sha1":"D5:23:91:2A:01:76:E9:21:D6:E1:A0:D0:D7:3C:60:84:45:1F:92:79","sha256":"B3:C9:9E:18:21:46:C6:95:3C:51:EF:26:D3:F2:52:23:93:17:07:3F:2A:7D:CA:59:E6:68:6A:72:9C:F2:0D:AB"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1RTz4scRRSu2QQP8SAa8TyoBxV3tvrH7EybQ3SNkWBMQhLJQUWqq6p3y-3paquqpydzMgYleFo8qRd7vpnsRl1E8RwNEy8SEDIn95C9-BcEITdBenZg9UG9H_V9h_e-evXZqNgnAQq2d-FtPVRpylbaLdp84YrKhC5t89zlpkdb9ETzispWwxPNQe1M_xUvCFv0xeabkm_qFZ96lHrUa55WRiZ6sDJHofLdyGtFtBX6La8dYmD-X9viCCw7AtHfJ09BidkTfyXvQvEpst6Pp6TddDp_-Y1ekTKnDfpi551sM9Nlht5hmpgGkmxnwYa2M0K-XILOdhYTQPcn9QSI1YwsPfMAcbazaBNx_-ZBp3EKmSEWj6PsTyHTKRSbguvrUOI-AbjAufPIetvntCnZ1QOU1eiMHH30N1Q5I0cfPI2s98NaqgbNSzotnNKZxSCpoAZTqPUp8mIKN2xAlXfB3SdQ4g-y8ugsst7kvE01lNh7vtORgkZtf5nKJFwOvVAus247WhZcSN4VIQ1iMZdIJVMw20BRH9VAkTRQ5A30xF4zpN2QeyxYTSLBOzRkYShkTKOuTymLeAcFvwYltsDNp7dyseE2-2E0caaQ20XGbRiN_N3igzz1uzSiqzQaedsHrDlnUnNGPnJz7ZYIOjKIeTiKsam2YIo7sBsVrGjAOoK-qFBKgtISlIygVASlIyj71U2RWt9W2yK1Rewtor-IQTXWbn3Ebmq3LjMCZrZgRDVR-Uf2Org7Mh4mVox17VjsqjGLRTXK98mT9ZM0dquH2JR7TRkEYewJLkUUd4Sk7TBmfpetBr6Moi4NYVUFZZfmQg7VjFx6bh-5uv_qP4jZXdj0Lrh6FqzwwMoKbKPCMPt5w7nc5sw6maTMbrS47kHoCrk7Cne1MUr3yfHxxctrd-br8f6ftyH5PbIwcFMhNxU-VL8RrKc3xhd1SSYXdWnJT-dzp3pqyOrVueSYk49995a8WmojzpyyW9--xmugTncvS-vOskyobN2S79eUENKc1oZLcvuMvSLjC4XdWCtMVuRnL7x--kwvN9JapbMpmJqRYw8_B1czcvyXb-bfov3SA_D8Y9j8sE-rCeK8gVQRpPLwnsUV7H_q-DAf2RtYN0tg7jqyXoW-qdBPK7B0C7Y4Nna5uXfy969q-xpxujSOU7M0iVOTfjHXqXa_wqq9ZhJIn1Pa7ax6QTeRXhAKnrS7YSRWGQ0CCWdn6r2Tx_4NAAD__1dEG46-BAAA HTTP/1.1\r\nHost: villainindiscreetnewsletter.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nCookie: pdhtkv=true; uncs=3; pdhtkv49=true; uncs49=3; u_pl28090609=1; iprc_l+502970cc2f9f744e7acbde213f0828a6=5941311; iprc_l:5941311=1; uid_id2=77ed0952-0ef4-414e-a859-dcdec8d403bd:1:1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Mon, 05 Jan 2026 22:45:30 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 4\r\nHost: villainindiscreetnewsletter.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 53bd1b31cdcf94723c717444ac44659b\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-20T13:59:59.325235Z","times_seen":13977692,"resource_available":true,"data":null}},"time_used":99,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":99,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"villainindiscreetnewsletter.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Roboto:300,400,700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.74.10","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:31.861Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"A8:BA:6B:80:7C:EC:B1:6F:C1:C2:03:D7:C9:27:6E:75:DE:4B:AA:47","sha256":"4E:2C:B9:C5:81:56:5E:97:93:07:22:12:66:E2:52:C6:0A:2E:17:72:FF:9B:5F:2A:B9:E1:21:80:05:6D:8B:3D"}}},"request":{"raw":"GET /css?family=Roboto:300,400,700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Mon, 05 Jan 2026 22:45:32 GMT\r\ndate: Mon, 05 Jan 2026 22:45:32 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16755,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"1f04e9e49d52374a409de4887e47180d","sha1":"8fee2f920567a574448d1aa6565c95951b68f9b5","sha256":"10cf0680b9dc5b310d265479bcebc5b380474bf2e8da9361cf8be458d183994e","sha512":"5fde8f721343e9c6254229e791ed64d6b47f28fad7690f7c83fa8c29e3112d0974f65ae0c63f09acd3e026dcb56c4de3fe0ffe37c464eb326b0495aa6c03b31c","ssdeep":"384:pKf5KgKPKrKyUK/qY4+K4KYKpKfMK1KWK6KyhK/qY4XKNKtK4KfdKkKDK3KyQK/9:pCJmwBUiRDfMTcfFBhiEymdmtC0BQiVb","tlshash":"df7210a1041750009b834ce223cebf35fe1f52117152d0b5abfdab6b9dcbc66526939d","first_seen":"2025-11-19T00:20:32.486705Z","last_seen":"2026-04-15T20:27:38.048842Z","times_seen":6026,"resource_available":false,"data":null}},"time_used":331,"timings":{"blocked":146,"dns":0,"connect":24,"send":0,"wait":35,"receive":0,"ssl":122},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/img/close.svg","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.96.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:31.864Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 25 Dec 2025 22:26:15 GMT","end":"Wed, 25 Mar 2026 23:23:44 GMT"},"fingerprint":{"sha1":"05:E7:A3:19:D2:55:91:F8:B7:45:48:72:0B:86:C7:0C:2C:CA:27:03","sha256":"14:76:91:36:84:B6:CF:C4:0A:BA:6F:14:80:F9:C7:77:48:3B:08:A3:C8:48:DC:0F:F6:CE:86:72:BB:CC:0B:06"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/img/close.svg HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Mon, 05 Jan 2026 22:45:31 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nlast-modified: Thu, 12 Dec 2024 14:36:22 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=LMnGNn4lqMIVtHywCZLb0lyRTJ6MGxwrUsXYPimd1AVsY9H9Qi3f3T7rUgXLPboKYxuFsvC81Wm%2Bw%2FmxXvSE7bJ29Dz%2BY1c%2BXdwuEwed0kc%3D\"}]}\r\nage: 1542297\r\ncf-cache-status: HIT\r\netag: W/\"675af4e6-4ff\"\r\ncontent-encoding: br\r\ncf-ray: 9b9681aa1dc34c11-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1279,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"369850b9873659adf0951d845f57dba1","sha1":"a64257186daa33b6b318943a457b6cf8d80b26b6","sha256":"9630c142a8c074cc1809ebf4109538cf29cc0baeb6c27726191f1cf5376e2e21","sha512":"6441b40e85c86e21362c7061a6b9610f52a5c801b274b246711546ad45c68c3e7f2f242f1621b90967eaeebf52709545d06283c2015d6b9ad7f6f7d37fb14a88","ssdeep":"","tlshash":"6821d8dc958f223ef324ff6189b316606ba423f6bb18c5bcb199a8157e1cb910c48e14","first_seen":"2023-04-07T22:39:47Z","last_seen":"2026-04-20T12:01:38.568364Z","times_seen":9048,"resource_available":false,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2026-01-05","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"adsco.re/p","fqdn":"adsco.re","domain":"adsco.re","tld":"re"},"ip":{"addr":"162.252.214.5","port":443,"asn":53334,"as":"TUT-AS","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:23.258Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_RSA_WITH_AES_256_CBC_SHA","key_group_name":"none","signature_name":"none","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.adsco.re","organization":"Adscore Technologies DMCC"},"issuer":{"commonName":"Sectigo Public Server Authentication CA OV R36","organization":"Sectigo Limited"},"validity":{"start":"Mon, 15 Sep 2025 00:00:00 GMT","end":"Thu, 01 Oct 2026 23:59:59 GMT"},"fingerprint":{"sha1":"EC:13:B4:EC:A8:B2:CD:2E:12:E1:84:0E:E5:64:5D:88:D5:CA:3A:59","sha256":"C9:35:54:5E:EF:18:4E:21:62:7D:1D:23:55:D2:B9:CC:68:48:01:7B:AC:A5:8B:D9:3D:71:85:DC:07:17:02:2F"}}},"request":{"raw":"POST /p HTTP/1.1\r\nHost: adsco.re\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nContent-Length: 2859\r\nOrigin: https://pasteflash.sx\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://pasteflash.sx/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"POST"},"response":{"raw":"HTTP/1.1 200 OK\r\nDate: Mon, 05 Jan 2026 22:45:23 GMT\r\nContent-Type: text/html; charset=UTF-8\r\nTransfer-Encoding: chunked\r\nConnection: keep-alive\r\nAS-P-1: OK lon123\r\nAS-P-2: OK\r\nAS-P-3: OK\r\nAccess-Control-Max-Age: 2592000\r\nCache-Control: no-transform\r\nAccept-CH: Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Full-Version, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Arch, Sec-CH-UA-Model, Device-Memory, Downlink, ECT, RTT, Width, Viewport-Width, DPR\r\nAccess-Control-Allow-Origin: https://pasteflash.sx\r\nAccess-Control-Allow-Credentials: true\r\nContent-Encoding: gzip\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1212,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with very long lines (1212), with no line terminators","md5":"4f83832483464f031fa62d3bad566830","sha1":"dd7f0b0753ca5fa1441b687057dbe512c89535fc","sha256":"1a48c3366a1194d56a46f50b367957cf7f49d6c41c5024d99b4e25f4a7fed67e","sha512":"42405bacca4c53e19ec23d1d0e131f4b379cb920d2a089b5170334ccaab541015afc3c742455d38dff32343cde7dfd1fbe082bf0550f0d490ad114905f57b0ee","ssdeep":"","tlshash":"9f21e7be728a9850252b61f42c6c228af4d211363c2e609d238d2c3f495062358a9df0","first_seen":"2026-01-05T22:45:51.482581Z","last_seen":"2026-01-05T22:45:51.482581Z","times_seen":1,"resource_available":false,"data":null}},"time_used":226,"timings":{"blocked":90,"dns":2,"connect":26,"send":0,"wait":50,"receive":0,"ssl":54},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.74.35","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://pasteflash.sx/VbqILJAi","date":"2026-01-05T22:45:32.768Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WR2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:53:13 GMT","end":"Wed, 25 Feb 2026 15:53:12 GMT"},"fingerprint":{"sha1":"5A:E3:E3:B6:18:F9:10:0B:5B:11:FA:CB:BF:0C:9B:5C:0E:34:70:78","sha256":"FC:46:B0:C1:1E:B2:21:60:D9:7E:6A:ED:42:56:B2:CF:2A:E4:D2:F1:1C:63:63:98:2B:A3:0F:6C:4A:98:74:D6"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://pasteflash.sx\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 30 Dec 2025 19:22:36 GMT\r\nexpires: Wed, 30 Dec 2026 19:22:36 GMT\r\ncache-control: public, max-age=31536000\r\nage: 530576\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-20T13:59:38.920906Z","times_seen":751132,"resource_available":false,"data":null}},"time_used":244,"timings":{"blocked":98,"dns":17,"connect":20,"send":0,"wait":21,"receive":26,"ssl":58},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}