{"report_id":"7c5ea2a5-704d-4dca-9dbe-c5eb2a713b61","version":6,"status":"done","tags":[],"date":"2025-12-31T11:16:32Z","url":{"schema":"http","addr":"iptv.cqshushu.com","fqdn":"iptv.cqshushu.com","domain":"cqshushu.com","tld":"com"},"ip":{"addr":"104.21.59.174","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"iptv.cqshushu.com/","fqdn":"iptv.cqshushu.com","domain":"cqshushu.com","tld":"com"},"title":"IPTV神器Pro - 每日更新最新酒店源、组播源IP、节目列表","dom":{"size":67550,"mime_type":"text/html; charset=utf-8","magic":"HTML document, Unicode text, UTF-8 text","md5":"d3299a20e5be0079efe4fb417eba9a12","sha1":"cbeb97761bbbca30777b5cde937088f812b57eb4","sha256":"675b512f659f0e9f70d24ac33f10f8fa1564c1b9c2f5bddb5177ec32003f3189","sha512":"50781ac89af3d4e7d1386cf8585cbe09d4730d2e6a79fbe91edcc9549dbf9e4c69a0e36d748d10a0e66e351cbd9b4b8ab980aff29bd4d50c0bc3674544401c2a","ssdeep":"1536:clyk1sOpRpHitixbObUHuH3FlFfFPFoWT/M0+8n9:3OpRpHitixbObUHuH3FlFfFPFoWT/M0F","tlshash":"ec63bf5b2dd6010486064278a3fe6f19272c8483281ffcfab39514c98f5667d93eb65f","dom_hash":"domhash37fa84df85cae22f54658f4955cb225f","first_seen":"","last_seen":"","times_seen":0,"resource_available":false,"data":null}},"submit":{"url":{"schema":"http","addr":"iptv.cqshushu.com","fqdn":"iptv.cqshushu.com","domain":"cqshushu.com","tld":"com"},"ip":{"addr":"104.21.59.174","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2027-02-04T11:16:32Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":18}},"detection":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"pl28071922.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"pl28071922.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"pl28071922.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"pl28071922.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null},"summary":[{"fqdn":"iptv.cqshushu.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-06-19","domain_rank":0,"first_seen":"2025-11-22T14:29:17.100299Z","last_seen":"2025-11-22T14:29:17.100299Z","alert_count":0,"request_count":5,"received_data":119155,"sent_data":2469,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"crypto-js:4.1.1","description":"crypto-js is a JavaScript library of crypto standards.","website":"https://github.com/brix/crypto-js","common_platform_enumeration":"","icon":"default.svg","categories":["JavaScript libraries"]}]},{"fqdn":"cdn.show-creative1.com","ip":{"addr":"172.67.208.42","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2024-08-20","domain_rank":392451,"first_seen":"2024-08-27T12:23:01Z","last_seen":"2025-12-29T08:13:36.913204Z","alert_count":0,"request_count":1,"received_data":2272,"sent_data":486,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}]},{"fqdn":"preferencenail.com","ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"domain_registered":"2025-07-01","domain_rank":20606,"first_seen":"2025-07-08T12:55:47.271261Z","last_seen":"2025-12-24T19:08:33.595887Z","alert_count":3,"request_count":1,"received_data":85956,"sent_data":415,"comment":"","tags":null,"fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.gstatic.com","ip":{"addr":"142.250.178.67","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2008-02-11","domain_rank":0,"first_seen":"2014-04-02T10:51:04Z","last_seen":"2025-12-28T22:14:05.525046Z","alert_count":0,"request_count":2,"received_data":81924,"sent_data":1104,"comment":"","tags":null,"fingerprints":null},{"fqdn":"cdn.hyperpromote.com","ip":{"addr":"54.240.174.96","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"1998-07-07","domain_rank":4625543,"first_seen":"2012-10-15T14:53:54Z","last_seen":"2025-12-19T02:59:27.224849Z","alert_count":0,"request_count":1,"received_data":15216,"sent_data":572,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}]},{"fqdn":"cdnjs.cloudflare.com","ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2009-02-17","domain_rank":1222,"first_seen":"2012-05-23T12:49:49Z","last_seen":"2025-12-28T22:20:33.111263Z","alert_count":0,"request_count":1,"received_data":49336,"sent_data":453,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"protrafficinspector.com","ip":{"addr":"3.66.182.197","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"domain_registered":"2025-06-18","domain_rank":614186,"first_seen":"2025-07-25T22:45:21.95813Z","last_seen":"2025-12-30T21:57:49.11287Z","alert_count":0,"request_count":1,"received_data":426,"sent_data":450,"comment":"","tags":null,"fingerprints":null},{"fqdn":"creative-sb1.com","ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2025-07-01","domain_rank":22211,"first_seen":"2025-08-08T09:32:32.509707Z","last_seen":"2025-12-30T08:11:41.528618Z","alert_count":21,"request_count":7,"received_data":249575,"sent_data":3179,"comment":"","tags":null,"fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}]},{"fqdn":"pl28071922.effectivegatecpm.com","ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-10-07","domain_rank":0,"first_seen":"2025-11-22T14:29:17.098977Z","last_seen":"2025-11-22T14:29:17.098977Z","alert_count":4,"request_count":1,"received_data":79731,"sent_data":466,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"kettledroopingcontinuation.com","ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2024-09-01","domain_rank":196057,"first_seen":"2025-07-30T15:18:19.355595Z","last_seen":"2025-12-29T13:33:59.184771Z","alert_count":45,"request_count":9,"received_data":19335,"sent_data":8298,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"flushpersist.com","ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"domain_registered":"2025-07-01","domain_rank":23810,"first_seen":"2025-07-08T10:43:12.76905Z","last_seen":"2025-12-24T20:59:21.717877Z","alert_count":3,"request_count":1,"received_data":530,"sent_data":769,"comment":"","tags":null,"fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"fonts.googleapis.com","ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"domain_registered":"2005-01-25","domain_rank":313,"first_seen":"2012-05-23T12:41:44Z","last_seen":"2025-12-28T22:17:10.032556Z","alert_count":0,"request_count":1,"received_data":17441,"sent_data":430,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":null,"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/1e/e3/36/1ee3363d3f6736b5616821dca2afa5c7.js","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"81c010ddfde2faeaf1c598844287df5a","sha1":"cd0fb06af4d1e8878a8c2c8d0311892ef13ff47b","sha256":"44442357bcab05b20364ed17aae2a3ae173b906529612b0e2f7d2217a76e51ab","sha512":"0acadda1dc3bba9f6178ba54356f2aed3dba23fbaf3b53b683fc5dd78eeff47a63ec7815ffbdb1e07041b274646eaa0a71ada2500f181775833f40761fc7cac8","ssdeep":"96:A9+XCx+8Ixmzn2ySej3zqIDNcxE6204l4sNm+E/0NK4Amfnqkk7lDAP2CwU6:A6Cg/S2yPXXWxW04fNPw6K4Amf4DAPA","tlshash":"13d1859c3e80b0a057b26077b97fa019b3696c50657fd80cd012b1a03e7562ad9bbba5","size":6454,"data":"","first_seen":"2025-12-01T12:09:20.892186Z","last_seen":"2026-01-29T12:50:40.978548Z","times_seen":4063,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"about","addr":"about:blank","fqdn":"","domain":"","tld":""},"ip":{"addr":"0.0.0.0","port":0,"asn":0,"as":"","country":"","country_code":"ZZ"},"introduction_type":"scriptElement","is_inline":false,"md5":"8031540d85de0cbb2b320c72095efd4d","sha1":"f757978ab9c0ee787221074b9ea32c8ac246a83b","sha256":"75c6d4d0aadece0bed518d3286c52e6851635b5a80df4f30127e4e2971918ceb","sha512":"5542d8dbf4f7adca7852e0a59cc126b538bcdf600de30332c95c2c145c6866df747f70df1693e65fc65e1456b8e2db3da2d9e8ec8aa13022f17a15e8db2e3a41","ssdeep":"192:Z3FiIJVXuWULiEWiFiacrcYmen1VuOTlmGFF3bH/fA68IDeIToJ:Z3FiIvXuWULiEWiFiHn1VuexjrHnAym","tlshash":"7b22520409b9ca21c04ca12e207e3666f7240953ad7abfd4bb8941045fde96fb97863f","size":10330,"data":"","first_seen":"2025-12-31T11:16:35.72652Z","last_seen":"2025-12-31T11:16:35.72652Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"iptv.cqshushu.com/","fqdn":"iptv.cqshushu.com","domain":"cqshushu.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"d69380b895fddb87915d711b7cf2f95f","sha1":"b145b203b8791bbb9fadd7ded7f1f4f0af006d2a","sha256":"941b4ea7dde159fab76f326e684fec637c3bbc94e536fb642e69b3aedee8eeb6","sha512":"3d3200658fa47f1297c0f4a0af4f448a93a5315b610808e8e1c06f8fdf60bf5b785a15e15f1d6ec50726cbf3cc7aec844f9bb0fa85fdc3bc74262b01a8e0d391","ssdeep":"","tlshash":"b3a024341c1f1cf01100c455134371417013073755444113753f3c004f150037c411df","size":85,"data":"","first_seen":"2025-12-31T11:16:35.727991Z","last_seen":"2025-12-31T11:16:35.727991Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"iptv.cqshushu.com/js/cryptomini.js","fqdn":"iptv.cqshushu.com","domain":"cqshushu.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"3f4d9b28c3da1070446821c5e2e01793","sha1":"4c35549b450e99967bbb95f2f9d99aaaa23bb628","sha256":"e7e77fa19f1d2f79163d81e23c611b7cdc8d5bc46ef600aea9374518167a8d94","sha512":"be3c8761542a3cfdcae3974de3096025daf93fcec6b3c6e61b94653045f318eea5082dfe74b18afac43abd8167a945cb992ac726ae90f08d0b961c15238aaf91","ssdeep":"192:8AD8N6YPA+39/aQXQMjr/+yLsOnvnVQ6IG2mjC5oi2b2Y2ENrha+pSfA:836YT39NXQMjr/fLsivVQ6IG2NENrQMn","tlshash":"d912d68461c03ee223cf0677533fe0e5e519994b7ed58c4bba8c28587e94a12df98a35","size":9063,"data":"","first_seen":"2025-11-22T14:29:22.861407Z","last_seen":"2025-12-31T11:16:35.722649Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"iptv.cqshushu.com/","fqdn":"iptv.cqshushu.com","domain":"cqshushu.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"8c9f5144a7eb10c010f1ec0ce311440d","sha1":"f2e79318cd842848343efc9ab0bf942546c598e2","sha256":"7f2c0ca9cf29c72279907e5500851bdd19d65ccd5bad2ffe9bf690efb450e229","sha512":"8057e52a2303ebaf5fa5f2c64834be3c85d8447e4b19bb389deba0b81ec132d93816c298655cf7a864e1d114e9705e10c4bdf2a63e2e93d866cc3974674a69f2","ssdeep":"","tlshash":"d90165cb1c56d13c44c210eaa0bfb3bd5512625b7a10ec007c08c5a51e54edbc0774bb","size":738,"data":"","first_seen":"2025-12-31T11:16:35.72901Z","last_seen":"2025-12-31T11:16:35.72901Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"iptv.cqshushu.com/","fqdn":"iptv.cqshushu.com","domain":"cqshushu.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"00301529049743e4e7ea9c6e4f7fcdd3","sha1":"9827a3efab9b9d63e713c4e4b253949cf6dee9bf","sha256":"df59994bb372716b2fbc726238abd56d71a2fe6c4780cafc7faf686f4f8c5557","sha512":"52a4fbbfab0604ff1757db9a2b64f7d3db946e8fc81338922a16dde4630844ac9244c30b4c4c973ef1497fb66678d4e69d9ab466040c3ba5c90d63229ac25828","ssdeep":"","tlshash":"80c080775356047405fbd1719a5db7443017004357d159843e6c49701f61953b4505c1","size":171,"data":"","first_seen":"2025-11-22T14:29:22.874656Z","last_seen":"2025-12-31T11:16:35.72987Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"iptv.cqshushu.com/","fqdn":"iptv.cqshushu.com","domain":"cqshushu.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"e336e27aa361e1c56415e218dadb00f8","sha1":"297b07b10d6530e04f70e7e7e1cb88e63fcaef7f","sha256":"50cf346bca58ca90feeeefbb5c6dc32795f2a62c98754a65670e4837fcb8dab5","sha512":"56891c924ab28a9ec2c515a2310c56a5569aac76d7388955facf55e90a4a2d1e1f37f6aee9e4d66d9bccfff27a10066911c836f07a3b7c7b6fe1be23ba2e1909","ssdeep":"","tlshash":"34318b2770bb1cb3817766ad2bdbee443319008721c6ee1a3f5c83410fd02685b919da","size":1467,"data":"","first_seen":"2025-11-22T14:29:22.876589Z","last_seen":"2025-12-31T11:16:35.730957Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"introduction_type":"scriptElement","is_inline":false,"md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","size":85379,"data":"","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-04-03T22:34:53.921235Z","times_seen":13144,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdn.hyperpromote.com/bidvertiser/tags/active/bdvws.js?bvwidgetid=ntv_21026061767179771687\u0026bvlinksownid=2102606\u0026rows=1\u0026cols=2\u0026textpos=left\u0026imagewidth=150\u0026mobilecols=1\u0026cb=1767179771687","fqdn":"cdn.hyperpromote.com","domain":"hyperpromote.com","tld":"com"},"ip":{"addr":"54.240.174.96","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"c0eeddcf94bc83fa00fa663eff2ea505","sha1":"3954038a4eb83911ffe44dd44ebe695272add6ff","sha256":"706098feb15dd73269dd7eb8892e1992cd23f5a299b17668db4024efd0270403","sha512":"a85ea10471c52334062901ca6d829490e60143334876fc87096e4c0d65ff0f5ff8b489bb0a6eee511870808699921c4031f1409a9856f9c382301fb86c3e3ed0","ssdeep":"384:0oUfCaUcWZcW9c+9cEHMczGcqsYqc/MiG8gPE0IgtvTH2j3laMzVML:0CBlBSZenP1j25fO","tlshash":"a5628455372a44aec863324aa43551e8e5b8f6676f5381cdfcf48c2089f0eca52fca75","size":14750,"data":"","first_seen":"2024-01-30T13:33:54Z","last_seen":"2026-03-04T19:16:35.027707Z","times_seen":33,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"2ca03ad87885ab983541092b87adb299","sha1":"1a17f60bf776a8c468a185c1e8e985c41a50dc27","sha256":"8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762","sha512":"13c412bd66747822c6938926de1c52b0d98659b2ed48249471ec0340f416645ea9114f06953f1ae5f177db03a5d62f1fb5d321b2c4eb17f3a1c865b0a274dc5c","ssdeep":"768:J1Z4iiyfiD78x6l42SWRV4HC0o10LEnM9OT81agZnEpnS:vZYDc6lXJd1mZpZEdS","tlshash":"19231ac5a19c605152a774c40d7f704b7463352a070d8aacf668e9eeecfcaea9039d7c","size":48316,"data":"","first_seen":"2023-03-07T01:31:53Z","last_seen":"2026-04-03T20:25:10.423377Z","times_seen":149549,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pl28071922.effectivegatecpm.com/86/e5/55/86e555af44dab712030790823552c4b9.js","fqdn":"pl28071922.effectivegatecpm.com","domain":"effectivegatecpm.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"3a7a844e4acfd36a8a4a80f8242ab3d6","sha1":"2f51ca43702f21865ffb99cdeca8a86cbb56eac3","sha256":"780693f9b4ef014a5258a20ec94a3bdf175078eae078fdeb8fd025b2eb778150","sha512":"b992daa9a1b258ee02c0de63db598bc0e103952669d3f8398a4be7c96abea26a0388c4904035a46ebb4ed07553d6b5f077fa696bb57da117c3ccb021e6f44b1b","ssdeep":"1536:x9yUBg8XFOUG/AVTesz3WArOwlNyBv77NzxpQ2jFFwB0jIs:x3B91cqpUhxpJwcIs","tlshash":"fc7309487f82b16b5352a073627fd047f0256f1261dcd498d123e6a86f6c33af636b98","size":78874,"data":"","first_seen":"2025-12-31T11:16:35.712438Z","last_seen":"2025-12-31T11:16:35.712438Z","times_seen":1,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"iptv.cqshushu.com/js/iptv.js","fqdn":"iptv.cqshushu.com","domain":"cqshushu.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"4e15bba883a3c20940a1e6d6a49a3a90","sha1":"49f7ee0c4768b461a902d6da938531589ce45ec1","sha256":"4b395b0c33ae5f5990eac7648bcbcdcc755f8119cc09fdf57f257f8f2bf3e24c","sha512":"5284e7a7e8c460a04ea900321f7af51517b0cf3f4f19084090ee1bf1d24d45484b31237554afc59a42ca061583f3063dd8f17e75cf380b28b3a5b71a8a0ff45f","ssdeep":"192:WoYNGBAWJ6+kWUB+WBcGdlDK3hjTp3imxwoZnXdat4b4zMP3nBqHWG7dSqHhC:6GZXkWUB+nw2j1tZXdak4YJqD7oqHhC","tlshash":"9d52b825bcfb1821066bd0767787565ef224501b994bde083e4c43949fc2f60a8af7e9","size":14397,"data":"","first_seen":"2025-11-22T14:29:22.846008Z","last_seen":"2025-12-31T11:16:35.720623Z","times_seen":2,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":false,"md5":"6326c600df01e3bfb9b40e1aa08176f8","sha1":"6b4fb754d29b297b539bf62ba9b4eaf0f33f314a","sha256":"df34524351c5fabc921a89183b5da5667aebd7b9e9a1c52255c76ff722935ea3","sha512":"641aaeecb9b89bcc319cabfef18f76faa9b1ba79f9de30c6d07f22d385fc78ac3f11a718fe9ec96f8a13d82e3dff4ca34944ccb449a4ef8e378ad65dfad581c0","ssdeep":"1536:oP10iSi65U/dXXeyhzeBuG+HYE0mdDuJO1z6Oy4sh3J1x72BjmN7TwpDKba98Hri:f+41hJiz6fhdlTqya98Hri","tlshash":"eb83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","size":84384,"data":"","first_seen":"2023-03-07T01:10:11Z","last_seen":"2026-04-03T22:44:50.784024Z","times_seen":10348,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/img/banner.png","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://iptv.cqshushu.com/","date":"2025-12-31T11:16:12.798Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 25 Dec 2025 22:26:15 GMT","end":"Wed, 25 Mar 2026 23:23:44 GMT"},"fingerprint":{"sha1":"05:E7:A3:19:D2:55:91:F8:B7:45:48:72:0B:86:C7:0C:2C:CA:27:03","sha256":"14:76:91:36:84:B6:CF:C4:0A:BA:6F:14:80:F9:C7:77:48:3B:08:A3:C8:48:DC:0F:F6:CE:86:72:BB:CC:0B:06"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/img/banner.png HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 31 Dec 2025 11:16:12 GMT\r\ncontent-type: image/png\r\ncontent-length: 31747\r\nserver: cloudflare\r\nlast-modified: Thu, 12 Dec 2024 14:36:22 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"675af4e6-7c03\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 7642863\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gFp%2Fkngsa4rvjdA56NbJRzBDOugKg%2BGGGFEtGJIIDyHy3Qq%2FXQ9eCq%2BLUZ3n%2FFx6ZIkYwEyWT7EEI1R0cTkxxJvBIEXOUdzXj0hGLhz7RY8%3D\"}]}\r\ncf-ray: 9b695d0bdcbd5a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":31747,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 600 x 400, 8-bit/color RGBA, non-interlaced","md5":"8b80e5aaebd2987d46dd0382da97fdc1","sha1":"bccdfd974f19600eac67f10c43a8d3cd92188aff","sha256":"41f23c36cc8dedef9d191f90f7f85c4aebba6012af7794fdfdf30331df5afe05","sha512":"dbc5a79c4e6b8cc0c1a2a20e857a399e84ff155ce6f68a6de65af23c20d57d7075bf93ba40748fa39942ce84001da19cf5dbd22ab2ab5b4bc3df63d220741e88","ssdeep":"768:oUUUUU2mxm90tQeKC4/cDQ+dexqKogEmXoYIQSR/Fiwecp8wwwwwwwwU:oUUUUU2J+s/cDx73jlp/E7+h","tlshash":"b2e2ae13c4d932371c5a9ded9b6b2b847aa225e320401f7bcf1e1078248b4b5fd27d9a","first_seen":"2025-07-04T18:28:09.276271Z","last_seen":"2026-04-03T08:48:35.528618Z","times_seen":3123,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/img/recaptcha.gif","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://iptv.cqshushu.com/","date":"2025-12-31T11:16:12.836Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 25 Dec 2025 22:26:15 GMT","end":"Wed, 25 Mar 2026 23:23:44 GMT"},"fingerprint":{"sha1":"05:E7:A3:19:D2:55:91:F8:B7:45:48:72:0B:86:C7:0C:2C:CA:27:03","sha256":"14:76:91:36:84:B6:CF:C4:0A:BA:6F:14:80:F9:C7:77:48:3B:08:A3:C8:48:DC:0F:F6:CE:86:72:BB:CC:0B:06"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/img/recaptcha.gif HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 31 Dec 2025 11:16:12 GMT\r\ncontent-type: image/gif\r\ncontent-length: 65140\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:56:01 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: \"68b97041-fe74\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\naccept-ranges: bytes\r\nage: 1225026\r\ncf-cache-status: HIT\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=tJCgQHGZk23gvp4imAaFdjN%2FplVMbrCebGHS7zTVG3CvRXAHq50UDMyldUdt%2BBOt5SMpLyM8ftW9r2IjYzXLsloVyNBhGqBcKnm1HSeAxoU%3D\"}]}\r\ncf-ray: 9b695d0bfd2a5a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":65140,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 616 x 164","md5":"a83efb86bdb5d741f6103b69d6979035","sha1":"c944477b467f4aee49b4c86f3622a3519679667c","sha256":"e62a51a868623e3d04ac6c1bf28c3d34dd1e7008b9d62753963b2e2272971774","sha512":"9638afd8bfa476d24261a76a49c0e6df11c39db07cc357025f40660a3140499f234956a6971fce1ef0b61f74edba0f39e54a9a75e81adcbe423415f93dd23709","ssdeep":"1536:pcrveQZWvRPMwQUWJicq8ILNUcB4nReNsnrIfOPBVeD:Orve+WUJohC0fO5QD","tlshash":"4853ce1fc2181eeafc3bcbb6520b8d160a415b751c54c613e6b9f1c5382c5de2b15bae","first_seen":"2024-10-23T13:11:53.403324Z","last_seen":"2026-04-03T08:48:35.547506Z","times_seen":1653,"resource_available":false,"data":null}},"time_used":9,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":4,"receive":5,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.67","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://iptv.cqshushu.com/","date":"2025-12-31T11:16:13.679Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:54:11 GMT","end":"Wed, 25 Feb 2026 15:54:10 GMT"},"fingerprint":{"sha1":"21:10:1E:48:79:6B:E7:49:AB:BB:0E:38:86:C8:4D:74:7B:42:EE:BB","sha256":"0A:58:99:06:D8:BC:1C:BD:3E:CE:EF:7D:D6:D2:50:2D:1E:DE:8F:87:97:56:72:B9:3F:21:88:AC:79:3A:75:03"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://iptv.cqshushu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 30 Dec 2025 23:52:35 GMT\r\nexpires: Wed, 30 Dec 2026 23:52:35 GMT\r\ncache-control: public, max-age=31536000\r\nage: 41018\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-03T22:29:59.391883Z","times_seen":713237,"resource_available":false,"data":null}},"time_used":312,"timings":{"blocked":144,"dns":1,"connect":27,"send":0,"wait":15,"receive":8,"ssl":113},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"pl28071922.effectivegatecpm.com/86/e5/55/86e555af44dab712030790823552c4b9.js","fqdn":"pl28071922.effectivegatecpm.com","domain":"effectivegatecpm.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://iptv.cqshushu.com/","date":"2025-12-31T11:16:11.141Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"effectivegatecpm.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sat, 06 Dec 2025 21:45:50 GMT","end":"Fri, 06 Mar 2026 21:45:49 GMT"},"fingerprint":{"sha1":"4D:1C:0D:DB:A3:77:74:26:85:B0:AD:E4:B7:D6:63:03:F7:70:5B:C1","sha256":"9A:F3:3F:D6:D1:0C:71:F9:29:9F:CD:B5:C6:5A:D8:DC:57:BB:69:1F:2D:12:B6:B9:74:23:CD:5A:2A:D3:FB:BE"}}},"request":{"raw":"GET /86/e5/55/86e555af44dab712030790823552c4b9.js HTTP/1.1\r\nHost: pl28071922.effectivegatecpm.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://iptv.cqshushu.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 31 Dec 2025 11:16:11 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 30218\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 5\r\nHost: pl28071922.effectivegatecpm.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: ff8e4625f80de0edc6900c909d05e1c4\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":78874,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (65536), with no line terminators","md5":"3a7a844e4acfd36a8a4a80f8242ab3d6","sha1":"2f51ca43702f21865ffb99cdeca8a86cbb56eac3","sha256":"780693f9b4ef014a5258a20ec94a3bdf175078eae078fdeb8fd025b2eb778150","sha512":"b992daa9a1b258ee02c0de63db598bc0e103952669d3f8398a4be7c96abea26a0388c4904035a46ebb4ed07553d6b5f077fa696bb57da117c3ccb021e6f44b1b","ssdeep":"1536:x9yUBg8XFOUG/AVTesz3WArOwlNyBv77NzxpQ2jFFwB0jIs:x3B91cqpUhxpJwcIs","tlshash":"fc7309487f82b16b5352a073627fd047f0256f1261dcd498d123e6a86f6c33af636b98","first_seen":"2025-12-31T11:16:35.712438Z","last_seen":"2025-12-31T11:16:35.712438Z","times_seen":1,"resource_available":true,"data":null}},"time_used":802,"timings":{"blocked":286,"dns":40,"connect":92,"send":0,"wait":101,"receive":93,"ssl":187},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"pl28071922.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"pl28071922.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"pl28071922.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"pl28071922.effectivegatecpm.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/sbar.json?key=86e555af44dab712030790823552c4b9\u0026uuid=e8067a4c-9c02-4d4e-8a71-f43c5b75da2c%3A2%3A1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://iptv.cqshushu.com/","date":"2025-12-31T11:16:12.207Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 21:42:11 GMT","end":"Wed, 25 Mar 2026 21:42:10 GMT"},"fingerprint":{"sha1":"DD:BF:7F:13:B7:AA:5E:41:65:09:9E:F1:FE:42:C4:9A:00:0B:F4:E6","sha256":"FE:3B:B4:EE:8B:60:30:E2:9F:CB:E9:E2:06:C0:A4:2E:FF:35:D3:22:85:14:1C:B8:13:CD:72:FB:EA:5C:E9:98"}}},"request":{"raw":"GET /sbar.json?key=86e555af44dab712030790823552c4b9\u0026uuid=e8067a4c-9c02-4d4e-8a71-f43c5b75da2c%3A2%3A1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://iptv.cqshushu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://iptv.cqshushu.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 31 Dec 2025 11:16:12 GMT\r\nContent-Type: text/plain; charset=utf-8\r\nContent-Length: 4518\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\naccess-control-allow-origin: https://iptv.cqshushu.com\r\naccess-control-allow-credentials: true\r\nvary: Accept-Encoding\r\nset-cookie: uid_id2=e8067a4c-9c02-4d4e-8a71-f43c5b75da2c:2:1; expires=Wed, 07 Jan 2026 11:16:12 GMT; path=/; secure; SameSite=None\npdhtkv=true; expires=Thu, 01 Jan 2026 11:16:12 GMT; path=/; secure; SameSite=None\nuncs=1; expires=Thu, 01 Jan 2026 11:16:12 GMT; path=/; secure; SameSite=None\npdhtkv29=true; expires=Thu, 01 Jan 2026 11:16:12 GMT; path=/; secure; SameSite=None\nuncs29=1; expires=Thu, 01 Jan 2026 11:16:12 GMT; path=/; secure; SameSite=None\nu_pl27971423=1; expires=Thu, 01 Jan 2026 11:16:12 GMT; path=/; secure; SameSite=None\nslec86e555af44dab712030790823552c4b9=[6308898]; expires=Wed, 31 Dec 2025 11:16:17 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 116\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 5dacb55cf56056f62bb2d8581d6a7782\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":5822,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"JSON text data","md5":"bd7610187c86a3c0e5d3cc5804d9d21c","sha1":"97bc6f424d9bfbef7b1dc48c1d6419408131ddc2","sha256":"4dee704563ee08bb3c803bd88a4e88aefe6dfcfb939c76ac80df3db061af8fcc","sha512":"2ff4c7d1f298021ece6fb55898aeb9aedcf5ba494279112b54311f7f502a800f58798649b86e1ffad73ed47d7d78ef3b2f192afaa66acde7a48f75907750a157","ssdeep":"96:9uIIuzg9NKPHpG2MUai7fVEGAsn1rgacWQ6sCVR0XI1QUE3YPBCBSBMxqF1re6Cu:9vIJKPHpG2DGKrfxXVR0XI1QUEW5/","tlshash":"aac180f5975566554386cc696cda5fb02c82a4878df4c84fc4bfc3ef22ad05c16156cc","first_seen":"2025-12-31T11:16:35.713428Z","last_seen":"2025-12-31T11:16:35.713428Z","times_seen":1,"resource_available":false,"data":null}},"time_used":211,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":210,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-creative1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Findex.html\u0026l=1524\u0026fd=207","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://iptv.cqshushu.com/","date":"2025-12-31T11:16:12.665Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 21:42:11 GMT","end":"Wed, 25 Mar 2026 21:42:10 GMT"},"fingerprint":{"sha1":"DD:BF:7F:13:B7:AA:5E:41:65:09:9E:F1:FE:42:C4:9A:00:0B:F4:E6","sha256":"FE:3B:B4:EE:8B:60:30:E2:9F:CB:E9:E2:06:C0:A4:2E:FF:35:D3:22:85:14:1C:B8:13:CD:72:FB:EA:5C:E9:98"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcdn.show-creative1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Findex.html\u0026l=1524\u0026fd=207 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://iptv.cqshushu.com/\r\nCookie: uid_id2=e8067a4c-9c02-4d4e-8a71-f43c5b75da2c:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27971423=1; slec86e555af44dab712030790823552c4b9=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 31 Dec 2025 11:16:12 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":94,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":94,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/css/magic.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://iptv.cqshushu.com/","date":"2025-12-31T11:16:12.670Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 25 Dec 2025 22:26:15 GMT","end":"Wed, 25 Mar 2026 23:23:44 GMT"},"fingerprint":{"sha1":"05:E7:A3:19:D2:55:91:F8:B7:45:48:72:0B:86:C7:0C:2C:CA:27:03","sha256":"14:76:91:36:84:B6:CF:C4:0A:BA:6F:14:80:F9:C7:77:48:3B:08:A3:C8:48:DC:0F:F6:CE:86:72:BB:CC:0B:06"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/css/magic.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://iptv.cqshushu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://iptv.cqshushu.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 31 Dec 2025 11:16:13 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:55:56 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"68b9703c-affe\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=vhWUBy1bpuuba3bUIrPyT7WtbQ%2BAjk2MfpC2Ips1B9TrRpeq6pysViTR44A26OceYp0t76%2B6zo3UuJwPQuwjvXTrsERdD2FG0xMBgK2CSj4%3D\"}]}\r\ncf-ray: 9b695d0b8be45a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":45054,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"bcd1967f8c2604f55f57197de0ae895e","sha1":"c31a10c3ecde74b50450a0a1ad21aa474ff05e7d","sha256":"787eac5d9417257a04de7b18ef21f5ec887de3aee642ceba9a7d56a8209eea2a","sha512":"b37f1a61bbe740bc29308e664227701366ac978d4fbed081f13c47200edd74a792ab980559a236cff39ae27d3fda3ffffef3f1ac2dc420612b616496b44e9df8","ssdeep":"384:lQLl1pRp0itimTKDbObwHuHXFlF7FPFSWRyYyRZZZaZjZPfbfUO3OipypE:GpRp0itiFbObwHuHXFlF7FPFSWX","tlshash":"b913276b2dd2114086564365a3fe6b2c261c85c31c6becfab3a218ce8f1567c53db61f","first_seen":"2025-06-11T18:18:27.729381Z","last_seen":"2026-04-03T22:44:50.832741Z","times_seen":5423,"resource_available":false,"data":null}},"time_used":602,"timings":{"blocked":59,"dns":33,"connect":5,"send":0,"wait":482,"receive":0,"ssl":19},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/img/close.svg","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://iptv.cqshushu.com/","date":"2025-12-31T11:16:12.797Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 25 Dec 2025 22:26:15 GMT","end":"Wed, 25 Mar 2026 23:23:44 GMT"},"fingerprint":{"sha1":"05:E7:A3:19:D2:55:91:F8:B7:45:48:72:0B:86:C7:0C:2C:CA:27:03","sha256":"14:76:91:36:84:B6:CF:C4:0A:BA:6F:14:80:F9:C7:77:48:3B:08:A3:C8:48:DC:0F:F6:CE:86:72:BB:CC:0B:06"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/img/close.svg HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 31 Dec 2025 11:16:12 GMT\r\ncontent-type: image/svg+xml\r\nserver: cloudflare\r\nlast-modified: Thu, 12 Dec 2024 14:36:22 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=dVAebAO4PC%2FF5CHtCmfrTw3gKR7NqhFIZwSdtj8aNhboQr8XjpCTp9XblEP%2Fv46GsXT6wkvIr8sRF0mM6fQQ0brNVPojKXbT7WNgI9BJMok%3D\"}]}\r\nage: 1068938\r\ncf-cache-status: HIT\r\netag: W/\"675af4e6-4ff\"\r\ncontent-encoding: br\r\ncf-ray: 9b695d0bdcb75a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":1279,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image","md5":"369850b9873659adf0951d845f57dba1","sha1":"a64257186daa33b6b318943a457b6cf8d80b26b6","sha256":"9630c142a8c074cc1809ebf4109538cf29cc0baeb6c27726191f1cf5376e2e21","sha512":"6441b40e85c86e21362c7061a6b9610f52a5c801b274b246711546ad45c68c3e7f2f242f1621b90967eaeebf52709545d06283c2015d6b9ad7f6f7d37fb14a88","ssdeep":"","tlshash":"6821d8dc958f223ef324ff6189b316606ba423f6bb18c5bcb199a8157e1cb910c48e14","first_seen":"2023-04-07T22:39:47Z","last_seen":"2026-04-03T22:34:53.923725Z","times_seen":8716,"resource_available":false,"data":null}},"time_used":7,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":7,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fjs%2Fscript.js\u0026l=8051\u0026fd=486","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://iptv.cqshushu.com/","date":"2025-12-31T11:16:13.399Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 21:42:11 GMT","end":"Wed, 25 Mar 2026 21:42:10 GMT"},"fingerprint":{"sha1":"DD:BF:7F:13:B7:AA:5E:41:65:09:9E:F1:FE:42:C4:9A:00:0B:F4:E6","sha256":"FE:3B:B4:EE:8B:60:30:E2:9F:CB:E9:E2:06:C0:A4:2E:FF:35:D3:22:85:14:1C:B8:13:CD:72:FB:EA:5C:E9:98"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fjs%2Fscript.js\u0026l=8051\u0026fd=486 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://iptv.cqshushu.com/\r\nCookie: uid_id2=e8067a4c-9c02-4d4e-8a71-f43c5b75da2c:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27971423=1; slec86e555af44dab712030790823552c4b9=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 31 Dec 2025 11:16:13 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":95,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":94,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/impr.gif?sid=H4sIAAAAAAAC_1SSzWskRRjGq7Pxoge_Vm_CIB5WNJPq6Z4v9xCN2Ugwm8RslggetLqqelKmp6u3qnt6MqdoQPYYD4KKh84zyQbXRdyjB3GZeAsqzp5y2CD4DwjKguBBJhlYfA7v-za_PrzP89Yne9kp8ZCxk5WruqeiiE1Xy7R0aV3FQue2tLRWcmmZXi6tq7jmXy51R8V0XnM9v0xfLr0l-aaerlCXUpe6pXllZKi702cUKrnTdMtNWvYrZbfqo2v-_20zB5Y5EJ1T8gyUGD75R_geFB8gbn83J-1mqpNXr7SziKXaoCMOr8ebsc5jtB-NoXEQxofjv6HtkJDPJ6Djw7ED6M7-yAECNSQTzz9AEB-O10TQOTjfNIggYwTiCeSdAWQ0gGIDcL0DJX4jABdYWkbcvrWkTc62zikb0SGZfPgXVD4kkw8uIm5_OxupbumajrJU6diiGxZQ3QFUa4AkO0Lac6DyI_D0YyjxC5l-uIi4vb9sIw0lTl6SDVqrM59PNTmtTPnCl1MNVnenQt_j1aBeFazCzyJS4QDMTiCzDjLlIAsdZImDtjgp-bThc5d5tbApeJ36zPeFDGizUaGUNXkdGf8ISuyCm20kZhubahcmuwe7UcAKBzYl6IgCuSTILUHOCHJFkKcEeac4EJGt2OKWiGwWuONeGXev6Ou0tccOdNqSMQEzuzCi2FfJDbsDnl7o90Ir-npUWJAWfRaIYi85JU-P4nRu__o-NuVJqVGT1WqVhb4vWFB3K9Sj9SZtVLxqtcL9oAmrCig7AWYd9NSQrL5zBYkakqmfP0PAjmCjI3D1HFj2AlhegG0U6MV3VZJ2yvyG3cjsRlbmug2hCyTpJNItZy86Jc_2V9dm752d9oO5FyH58ev0n3efCq7eBzcFElPgQ_UTQSu62V_VOdlf1bkld5eTVLVVj43Ofi1lqZy8_bbcyrURC3N29-s3-AiMxjtr0qaLLBYqblnyzawSQpp5bbgkPyzYdRmsZHZjNjNxliyuvDm_0E6MtFbpeACmhuTxr14BV0Ny8dLM2ZOu_v07eLINmxzPfP_FSF_CaoIgcRApgkgek7HAggJWPvITyOMf_zxne_YmWsYBS3cQtwt0TIFOVIBFu7DZhX6amOOZ-96ZEEROP4iMsx9EJvr0PCerTkqhJyuc0ka95nqNULqeL3hYbfhNUWPU8yRSO1TXH_v3vwAAAP__1mafi3UEAAA=","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://iptv.cqshushu.com/","date":"2025-12-31T11:16:13.668Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 21:42:11 GMT","end":"Wed, 25 Mar 2026 21:42:10 GMT"},"fingerprint":{"sha1":"DD:BF:7F:13:B7:AA:5E:41:65:09:9E:F1:FE:42:C4:9A:00:0B:F4:E6","sha256":"FE:3B:B4:EE:8B:60:30:E2:9F:CB:E9:E2:06:C0:A4:2E:FF:35:D3:22:85:14:1C:B8:13:CD:72:FB:EA:5C:E9:98"}}},"request":{"raw":"GET /impr.gif?sid=H4sIAAAAAAAC_1SSzWskRRjGq7Pxoge_Vm_CIB5WNJPq6Z4v9xCN2Ugwm8RslggetLqqelKmp6u3qnt6MqdoQPYYD4KKh84zyQbXRdyjB3GZeAsqzp5y2CD4DwjKguBBJhlYfA7v-za_PrzP89Yne9kp8ZCxk5WruqeiiE1Xy7R0aV3FQue2tLRWcmmZXi6tq7jmXy51R8V0XnM9v0xfLr0l-aaerlCXUpe6pXllZKi702cUKrnTdMtNWvYrZbfqo2v-_20zB5Y5EJ1T8gyUGD75R_geFB8gbn83J-1mqpNXr7SziKXaoCMOr8ebsc5jtB-NoXEQxofjv6HtkJDPJ6Djw7ED6M7-yAECNSQTzz9AEB-O10TQOTjfNIggYwTiCeSdAWQ0gGIDcL0DJX4jABdYWkbcvrWkTc62zikb0SGZfPgXVD4kkw8uIm5_OxupbumajrJU6diiGxZQ3QFUa4AkO0Lac6DyI_D0YyjxC5l-uIi4vb9sIw0lTl6SDVqrM59PNTmtTPnCl1MNVnenQt_j1aBeFazCzyJS4QDMTiCzDjLlIAsdZImDtjgp-bThc5d5tbApeJ36zPeFDGizUaGUNXkdGf8ISuyCm20kZhubahcmuwe7UcAKBzYl6IgCuSTILUHOCHJFkKcEeac4EJGt2OKWiGwWuONeGXev6Ou0tccOdNqSMQEzuzCi2FfJDbsDnl7o90Ir-npUWJAWfRaIYi85JU-P4nRu__o-NuVJqVGT1WqVhb4vWFB3K9Sj9SZtVLxqtcL9oAmrCig7AWYd9NSQrL5zBYkakqmfP0PAjmCjI3D1HFj2AlhegG0U6MV3VZJ2yvyG3cjsRlbmug2hCyTpJNItZy86Jc_2V9dm752d9oO5FyH58ev0n3efCq7eBzcFElPgQ_UTQSu62V_VOdlf1bkld5eTVLVVj43Ofi1lqZy8_bbcyrURC3N29-s3-AiMxjtr0qaLLBYqblnyzawSQpp5bbgkPyzYdRmsZHZjNjNxliyuvDm_0E6MtFbpeACmhuTxr14BV0Ny8dLM2ZOu_v07eLINmxzPfP_FSF_CaoIgcRApgkgek7HAggJWPvITyOMf_zxne_YmWsYBS3cQtwt0TIFOVIBFu7DZhX6amOOZ-96ZEEROP4iMsx9EJvr0PCerTkqhJyuc0ka95nqNULqeL3hYbfhNUWPU8yRSO1TXH_v3vwAAAP__1mafi3UEAAA= HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://iptv.cqshushu.com/\r\nCookie: uid_id2=e8067a4c-9c02-4d4e-8a71-f43c5b75da2c:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27971423=1; slec86e555af44dab712030790823552c4b9=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 31 Dec 2025 11:16:13 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nset-cookie: iprc_l+84f5711029fca89489116988499f4326=6308898; expires=Thu, 01 Jan 2026 11:16:13 GMT; path=/; secure; SameSite=None\niprc_l:6308898=1; expires=Thu, 01 Jan 2026 11:16:13 GMT; path=/; secure; SameSite=None\r\nx-envoy-upstream-service-time: 2\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 4722fe8a341a0b8a38dc377d998c2803\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":96,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"flushpersist.com/pxf.gif?uuid=e8067a4c-9c02-4d4e-8a71-f43c5b75da2c\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=86e555af44dab712030790823552c4b9\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=11","fqdn":"flushpersist.com","domain":"flushpersist.com","tld":"com"},"ip":{"addr":"172.240.127.234","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://iptv.cqshushu.com/","date":"2025-12-31T11:16:12.372Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"flushpersist.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 22:13:33 GMT","end":"Sat, 28 Mar 2026 22:13:32 GMT"},"fingerprint":{"sha1":"A3:08:82:4A:9A:ED:6E:4C:29:FC:10:0D:1D:8F:8B:68:0E:D0:49:72","sha256":"B4:01:36:5D:F9:70:75:BF:F6:56:67:76:BB:CC:A2:D3:BA:69:61:33:56:FC:C7:21:69:6E:04:BE:95:D7:B2:F5"}}},"request":{"raw":"GET /pxf.gif?uuid=e8067a4c-9c02-4d4e-8a71-f43c5b75da2c\u0026eb=bff3d6bf6d16c0bb5e58232c1a99ef63\u0026te=fe015aeda515c30449c87b1701cc307f\u0026ua=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64%3B%20rv%3A134.0)%20Gecko%2F20100101%20Firefox%2F134.0\u0026dev=e\u0026res=14.3095\u0026b_frame=0\u0026pk=86e555af44dab712030790823552c4b9\u0026bl=en-US\u0026sr=1024x1280\u0026sz=1024x1280\u0026hjs=11 HTTP/1.1\r\nHost: flushpersist.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://iptv.cqshushu.com/\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 31 Dec 2025 11:16:12 GMT\r\nContent-Type: image/gif\r\nContent-Length: 1\r\nConnection: keep-alive\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\nx-envoy-upstream-service-time: 0\r\nHost: flushpersist.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: e2ba277e0167abdacb7638ccbd6f6435\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":699,"timings":{"blocked":301,"dns":14,"connect":94,"send":0,"wait":96,"receive":0,"ssl":190},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"flushpersist.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/js/jquery.min.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://iptv.cqshushu.com/","date":"2025-12-31T11:16:12.838Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 25 Dec 2025 22:26:15 GMT","end":"Wed, 25 Mar 2026 23:23:44 GMT"},"fingerprint":{"sha1":"05:E7:A3:19:D2:55:91:F8:B7:45:48:72:0B:86:C7:0C:2C:CA:27:03","sha256":"14:76:91:36:84:B6:CF:C4:0A:BA:6F:14:80:F9:C7:77:48:3B:08:A3:C8:48:DC:0F:F6:CE:86:72:BB:CC:0B:06"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/js/jquery.min.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 31 Dec 2025 11:16:12 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:55:55 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=DlB6rHfrLXJg9ylqPmSFVRhyziTT2%2FBPbptUpF8fW%2FqC2%2B29OqsVzlhHt0l6We2WpGhBvAgNMpgVie%2B0CWD5sylPM9rLANF2p7QXeIirfws%3D\"}]}\r\nage: 1223275\r\ncf-cache-status: HIT\r\netag: W/\"68b9703b-149a0\"\r\ncontent-encoding: br\r\ncf-ray: 9b695d0c0d3b5a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":84384,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (32025), with CRLF line terminators","md5":"6326c600df01e3bfb9b40e1aa08176f8","sha1":"6b4fb754d29b297b539bf62ba9b4eaf0f33f314a","sha256":"df34524351c5fabc921a89183b5da5667aebd7b9e9a1c52255c76ff722935ea3","sha512":"641aaeecb9b89bcc319cabfef18f76faa9b1ba79f9de30c6d07f22d385fc78ac3f11a718fe9ec96f8a13d82e3dff4ca34944ccb449a4ef8e378ad65dfad581c0","ssdeep":"1536:oP10iSi65U/dXXeyhzeBuG+HYE0mdDuJO1z6Oy4sh3J1x72BjmN7TwpDKba98Hri:f+41hJiz6fhdlTqya98Hri","tlshash":"eb83d6d9b2c67062977734b851bf510bb17a98dab40c8c60f0a4d8e47eb4a8d517bf2c","first_seen":"2023-03-07T01:10:11Z","last_seen":"2026-04-03T22:44:50.784024Z","times_seen":10348,"resource_available":true,"data":null}},"time_used":8,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":8,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.hyperpromote.com/bidvertiser/tags/active/bdvws.js?bvwidgetid=ntv_21026061767179771687\u0026bvlinksownid=2102606\u0026rows=1\u0026cols=2\u0026textpos=left\u0026imagewidth=150\u0026mobilecols=1\u0026cb=1767179771687","fqdn":"cdn.hyperpromote.com","domain":"hyperpromote.com","tld":"com"},"ip":{"addr":"54.240.174.96","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://iptv.cqshushu.com/","date":"2025-12-31T11:16:11.696Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdn.hyperpromote.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M03","organization":"Amazon"},"validity":{"start":"Thu, 14 Aug 2025 00:00:00 GMT","end":"Fri, 11 Sep 2026 23:59:59 GMT"},"fingerprint":{"sha1":"C6:26:C3:1B:8D:FD:45:EE:93:BD:AB:57:E1:1B:7E:D2:CF:13:B9:2A","sha256":"35:05:FB:F0:0D:04:AA:06:C9:21:ED:51:9B:36:A3:A0:01:A6:A1:9E:BD:D1:99:55:7E:16:99:A6:9A:8C:60:7F"}}},"request":{"raw":"GET /bidvertiser/tags/active/bdvws.js?bvwidgetid=ntv_21026061767179771687\u0026bvlinksownid=2102606\u0026rows=1\u0026cols=2\u0026textpos=left\u0026imagewidth=150\u0026mobilecols=1\u0026cb=1767179771687 HTTP/1.1\r\nHost: cdn.hyperpromote.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://iptv.cqshushu.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: application/javascript\r\ncontent-length: 14750\r\nserver: Microsoft-IIS/10.0\r\nlast-modified: Fri, 26 Jan 2024 07:28:28 GMT\r\naccept-ranges: bytes\r\ndate: Wed, 31 Dec 2025 08:36:57 GMT\r\netag: \"8dc4d5412950da1:0\"\r\nx-cache: Hit from cloudfront\r\nvia: 1.1 4bbc14b5834fc74ccd249b954b43a08c.cloudfront.net (CloudFront)\r\nx-amz-cf-pop: OSL50-P1\r\nx-amz-cf-id: eVZK5t0IgE0gViNmyKLreD9uQzZ7SbRrkM79V9xF4k6lihTy8SuflQ==\r\nage: 18805\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"IIS:10.0","description":"Internet Information Services (IIS) is an extensible web server software created by Microsoft for use with the Windows NT family.","website":"https://www.iis.net","common_platform_enumeration":"cpe:2.3:a:microsoft:internet_information_server:*:*:*:*:*:*:*:*","icon":"Microsoft.svg","categories":["Web servers"]},{"name":"Windows Server","description":"Windows Server is a brand name for a group of server operating systems.","website":"https://microsoft.com/windowsserver","common_platform_enumeration":"","icon":"WindowsServer.png","categories":["Operating systems"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":14750,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (489), with CRLF line terminators","md5":"c0eeddcf94bc83fa00fa663eff2ea505","sha1":"3954038a4eb83911ffe44dd44ebe695272add6ff","sha256":"706098feb15dd73269dd7eb8892e1992cd23f5a299b17668db4024efd0270403","sha512":"a85ea10471c52334062901ca6d829490e60143334876fc87096e4c0d65ff0f5ff8b489bb0a6eee511870808699921c4031f1409a9856f9c382301fb86c3e3ed0","ssdeep":"384:0oUfCaUcWZcW9c+9cEHMczGcqsYqc/MiG8gPE0IgtvTH2j3laMzVML:0CBlBSZenP1j25fO","tlshash":"a5628455372a44aec863324aa43551e8e5b8f6676f5381cdfcf48c2089f0eca52fca75","first_seen":"2024-01-30T13:33:54Z","last_seen":"2026-03-04T19:16:35.027707Z","times_seen":33,"resource_available":true,"data":null}},"time_used":584,"timings":{"blocked":288,"dns":151,"connect":1,"send":0,"wait":2,"receive":3,"ssl":136},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/1e/e3/36/1ee3363d3f6736b5616821dca2afa5c7.js","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://iptv.cqshushu.com/","date":"2025-12-31T11:16:11.695Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 21:42:11 GMT","end":"Wed, 25 Mar 2026 21:42:10 GMT"},"fingerprint":{"sha1":"DD:BF:7F:13:B7:AA:5E:41:65:09:9E:F1:FE:42:C4:9A:00:0B:F4:E6","sha256":"FE:3B:B4:EE:8B:60:30:E2:9F:CB:E9:E2:06:C0:A4:2E:FF:35:D3:22:85:14:1C:B8:13:CD:72:FB:EA:5C:E9:98"}}},"request":{"raw":"GET /1e/e3/36/1ee3363d3f6736b5616821dca2afa5c7.js HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://iptv.cqshushu.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 31 Dec 2025 11:16:12 GMT\r\nContent-Type: application/javascript\r\nContent-Length: 3403\r\nConnection: keep-alive\r\ncontent-encoding: gzip\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccess-control-allow-origin: *\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 1\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: ab0eba621af4e012d0d5851cf13b3130\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]},{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":6454,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, ASCII text, with very long lines (6454), with no line terminators","md5":"81c010ddfde2faeaf1c598844287df5a","sha1":"cd0fb06af4d1e8878a8c2c8d0311892ef13ff47b","sha256":"44442357bcab05b20364ed17aae2a3ae173b906529612b0e2f7d2217a76e51ab","sha512":"0acadda1dc3bba9f6178ba54356f2aed3dba23fbaf3b53b683fc5dd78eeff47a63ec7815ffbdb1e07041b274646eaa0a71ada2500f181775833f40761fc7cac8","ssdeep":"96:A9+XCx+8Ixmzn2ySej3zqIDNcxE6204l4sNm+E/0NK4Amfnqkk7lDAP2CwU6:A6Cg/S2yPXXWxW04fNPw6K4Amf4DAPA","tlshash":"13d1859c3e80b0a057b26077b97fa019b3696c50657fd80cd012b1a03e7562ad9bbba5","first_seen":"2025-12-01T12:09:20.892186Z","last_seen":"2026-01-29T12:50:40.978548Z","times_seen":4063,"resource_available":true,"data":null}},"time_used":735,"timings":{"blocked":317,"dns":26,"connect":94,"send":0,"wait":98,"receive":1,"ssl":195},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/css/style.css","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://iptv.cqshushu.com/","date":"2025-12-31T11:16:12.672Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 25 Dec 2025 22:26:15 GMT","end":"Wed, 25 Mar 2026 23:23:44 GMT"},"fingerprint":{"sha1":"05:E7:A3:19:D2:55:91:F8:B7:45:48:72:0B:86:C7:0C:2C:CA:27:03","sha256":"14:76:91:36:84:B6:CF:C4:0A:BA:6F:14:80:F9:C7:77:48:3B:08:A3:C8:48:DC:0F:F6:CE:86:72:BB:CC:0B:06"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/css/style.css HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://iptv.cqshushu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://iptv.cqshushu.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 31 Dec 2025 11:16:13 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 13:25:46 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\netag: W/\"68b9935a-18f3\"\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=uYw98OSdqUojUIMS3iXShRtJdxzrkogCaau%2FikNW8sll4mT42Pfhl5UoGLvwfOA%2FOLEmakvDujfyvsoStX%2F0CGRc3NLkesP8WXLtrDV6qVI%3D\"}]}\r\ncf-ray: 9b695d0b8bda5a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":6387,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text","md5":"20b72d2b5d691275f5e1f201c54208eb","sha1":"a8082db410892a8b50274eeb812fe58c04e5e407","sha256":"476950bbfeccfbd5ad93c5ad69d5192e62e9eb9e3e03dfc2447c98c7bb5634e6","sha512":"5702a11b753960144f8debcbbff5ad272f00543b6b8bd71a440fb28945bf4d81bd75cc1a08fa531e10efe8aa8dbcb6305dc882e12b8854ccb6f88b62dbeb934d","ssdeep":"96:1zlzMUmWCfICX6zXXgCfUKOtAYiY5mnM0pfiUpznL4OHBCHL+OCBhEkuCo1cCJ0v:LMZnincKOyXnMsIM0M9X4U4H4vFEa","tlshash":"ebd130a617650204740bd8563d126f17a3688053ef0fd9b86ed2244cceca6ce56f378f","first_seen":"2025-09-21T13:47:45.281723Z","last_seen":"2026-04-03T08:48:35.532529Z","times_seen":1613,"resource_available":false,"data":null}},"time_used":587,"timings":{"blocked":56,"dns":32,"connect":1,"send":0,"wait":472,"receive":0,"ssl":22},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"fonts.googleapis.com/css?family=Roboto:300,400,700\u0026display=swap","fqdn":"fonts.googleapis.com","domain":"fonts.googleapis.com","tld":"googleapis.com"},"ip":{"addr":"142.250.178.106","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://iptv.cqshushu.com/","date":"2025-12-31T11:16:12.795Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_256_GCM_SHA384","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"upload.video.google.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:54:11 GMT","end":"Wed, 25 Feb 2026 15:54:10 GMT"},"fingerprint":{"sha1":"43:D3:3F:93:6C:4F:F7:67:58:9D:D5:48:20:4C:74:A2:69:DB:13:9F","sha256":"8C:DB:D2:85:E1:AB:12:7B:1D:5A:65:A7:EC:22:67:6F:B3:A6:65:01:28:29:FA:D2:3B:01:8D:10:7E:4D:09:52"}}},"request":{"raw":"GET /css?family=Roboto:300,400,700\u0026display=swap HTTP/1.1\r\nHost: fonts.googleapis.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: text/css; charset=utf-8\r\nvary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site\r\naccess-control-allow-origin: *\r\ntiming-allow-origin: *\r\nlink: \u003chttps://fonts.gstatic.com\u003e; rel=preconnect; crossorigin\r\nstrict-transport-security: max-age=31536000\r\nexpires: Wed, 31 Dec 2025 11:16:12 GMT\r\ndate: Wed, 31 Dec 2025 11:16:12 GMT\r\ncache-control: private, max-age=86400\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin-allow-popups\r\ncontent-encoding: gzip\r\nserver: ESF\r\nx-xss-protection: 0\r\nx-frame-options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":16755,"size_decoded":0,"mime_type":"text/css; charset=utf-8","magic":"ASCII text, with very long lines (1572)","md5":"1f04e9e49d52374a409de4887e47180d","sha1":"8fee2f920567a574448d1aa6565c95951b68f9b5","sha256":"10cf0680b9dc5b310d265479bcebc5b380474bf2e8da9361cf8be458d183994e","sha512":"5fde8f721343e9c6254229e791ed64d6b47f28fad7690f7c83fa8c29e3112d0974f65ae0c63f09acd3e026dcb56c4de3fe0ffe37c464eb326b0495aa6c03b31c","ssdeep":"384:pKf5KgKPKrKyUK/qY4+K4KYKpKfMK1KWK6KyhK/qY4XKNKtK4KfdKkKDK3KyQK/9:pCJmwBUiRDfMTcfFBhiEymdmtC0BQiVb","tlshash":"df7210a1041750009b834ce223cebf35fe1f52117152d0b5abfdab6b9dcbc66526939d","first_seen":"2025-11-19T00:20:32.486705Z","last_seen":"2026-02-19T22:23:13.628811Z","times_seen":6025,"resource_available":false,"data":null}},"time_used":275,"timings":{"blocked":110,"dns":1,"connect":17,"send":0,"wait":34,"receive":0,"ssl":110},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"iptv.cqshushu.com/css/iptv.css","fqdn":"iptv.cqshushu.com","domain":"cqshushu.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://iptv.cqshushu.com/","date":"2025-12-31T11:16:11.136Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"iptv.cqshushu.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 04 Nov 2025 00:27:49 GMT","end":"Mon, 02 Feb 2026 01:27:47 GMT"},"fingerprint":{"sha1":"D5:94:99:48:EB:4F:86:92:AA:D0:83:BC:ED:1F:7A:10:42:08:6E:97","sha256":"71:84:DE:45:BC:13:29:1F:C2:45:44:26:E6:77:A8:66:A6:EC:0F:8E:54:70:9D:A1:03:E8:E9:40:79:3D:C6:F5"}}},"request":{"raw":"GET /css/iptv.css HTTP/1.1\r\nHost: iptv.cqshushu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://iptv.cqshushu.com/\r\nCookie: PHPSESSID=a8hlkr3nuunsier35qh4m8ghda\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 31 Dec 2025 11:16:11 GMT\r\ncontent-type: text/css\r\nserver: cloudflare\r\nlast-modified: Sat, 22 Nov 2025 07:31:19 GMT\r\npriority: u=2,i=?0\r\nvary: Accept-Encoding\r\netag: \"692166c7-d1e8\"\r\nexpires: Wed, 31 Dec 2025 23:16:11 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncf-cache-status: REVALIDATED\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=jRssu5ZnTyMmeza4Q630xRTCQ8pd%2B1atE3kkcMaFA00txWthAvwlTLhf0c6Gh6Nbpq5vTb1%2FpnBCP12ijTD44TrgXM7mj6nFVlffunFIlJAi\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b695d015f9bc272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":53736,"size_decoded":0,"mime_type":"text/css","magic":"Unicode text, UTF-8 text, with very long lines (359)","md5":"bd2b0bc30bc0b476581355017c7e56d4","sha1":"aa6aca10979cfa1abde7c7ed0211da90f209a4cc","sha256":"5e94a00257a8a9a355e40be1e719441689cd6440fd4229799fdad1b5ff893452","sha512":"5eac7f48b4d68807677cd5cac8209c89e09a3330bf2e790d1c3abb0436c4fb5081887c690393a66d46f64c8ce503daea3da266b42420884387cee66e3d023ad8","ssdeep":"384:nSG9wz+SxoGKJ3GDwXB2w43Q39m7VMFpwDitH0G:mz+SxoGyDXq3o9m7VMFpwutUG","tlshash":"a7335256eae318967417c5682bbfeba6333c9143c04ade7d3f6c72a48f443a85461f48","first_seen":"2025-12-31T11:16:35.71913Z","last_seen":"2025-12-31T11:16:35.71913Z","times_seen":1,"resource_available":false,"data":null}},"time_used":553,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":552,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/ren.gif?sid=H4sIAAAAAAAC_1SSzWskRRjGq7Pxoge_Vm_CIB5WNJOe_piZdg_RmI0Es0nMZongQaurqidlerp6q7qnJ3OKBmSP8SCoeOg8k2xwXcQ9ehCXibeg4uwphw2C_4CgLAgeZJKBxefwvm_z68P7PG99spefEhc5PVm5qnoyjum0X7Url9ZlwlVhKktrlZpdtS9X1mVS9y5XuqOiO6_VXK9qv1x5S7BNNe3YNduu2bXKvNQiUt3pMwqZ3glq1cCuek615nvo6v9_m9yCoRZ455Q8A8mHT_4RvQfJBkja380Js5mp9NUr7TymmdLo8MPryWaiigTtR2OkLUTJ4fhvKDMk5PMJqORw7ACqsz9ygFAOycTzDxAmh-M1EXYOzjcNY4gEIX8CRWcAEQ8g6QBM7UDy3wjAOJaWkbRvLSld0K1zSkd0SCYf_gVZDMnkg4tI2t_OxrJbuabiPJMqMehGJWR3ANkaIM2PkPUsyOIILPsYkv9Cph8uImnvL5tYQfKTl0TTrjeox6YCZjtTHvfEVJM2alOR5zI_bPicOuwsIhkNQM0EcmMhlxbyyEKeWmjzk4pnNz1Wo249Cjhr2B71PC5CO2g6tk0D1kDOPoLku2B6G6nexqbchc7vwWyUMNyCyQg6vEQhCApDUFCCQhIUGUHRKQ94bBxT3uKxycPauDvj7pZ9lbX26IHKWiIhoHoXmpf7Mr1hdsCyC_1eZHhfjQoNs7JPQ17upafk6VGc1u1f38emOKk068L3fRp5Hqdho-bYrt0I7Kbj-r7DvDCAkSWkmQA1FnpySFbfuYJUDsnUz58hpEcw8RGYfA40fwG0KEE3SvSSuzLNOlV2w2zkZiOvMtUGVyXSbBLZlrUXn5Jn-6trs_fOTvvB3IsQ7Ph1-593nwqv3gfTJVJd4kP5E0ErvtlfVQXZX1WFIXeX00y2ZY-Ozn4to5mYvP222CqU5gtzZvfrN9gIjMY7a8JkizThMmkZ8s2s5FzoeaWZID8smHURruRmYzbXSZ4urrw5v9BOtTBGqmQAKofk8a9eAZNDcvHSzNmT9v_-HSzdhkmPZ77_YqQvYRRBmFqIJUEsjslYoGEJIx75CcXxj3-esz1zEy1tgWY7SNolOrpEJy5B412Y_EI_S_XxzH33TAhjqx_G2toPYx1_ep6TkScV3wnderNZF1GdRy53HZcHvi0CjwZ1L_B8ZGYorz_2738BAAD__yoOD1V1BAAA","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://iptv.cqshushu.com/","date":"2025-12-31T11:16:12.424Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 21:42:11 GMT","end":"Wed, 25 Mar 2026 21:42:10 GMT"},"fingerprint":{"sha1":"DD:BF:7F:13:B7:AA:5E:41:65:09:9E:F1:FE:42:C4:9A:00:0B:F4:E6","sha256":"FE:3B:B4:EE:8B:60:30:E2:9F:CB:E9:E2:06:C0:A4:2E:FF:35:D3:22:85:14:1C:B8:13:CD:72:FB:EA:5C:E9:98"}}},"request":{"raw":"GET /ren.gif?sid=H4sIAAAAAAAC_1SSzWskRRjGq7Pxoge_Vm_CIB5WNJOe_piZdg_RmI0Es0nMZongQaurqidlerp6q7qnJ3OKBmSP8SCoeOg8k2xwXcQ9ehCXibeg4uwphw2C_4CgLAgeZJKBxefwvm_z68P7PG99spefEhc5PVm5qnoyjum0X7Url9ZlwlVhKktrlZpdtS9X1mVS9y5XuqOiO6_VXK9qv1x5S7BNNe3YNduu2bXKvNQiUt3pMwqZ3glq1cCuek615nvo6v9_m9yCoRZ455Q8A8mHT_4RvQfJBkja380Js5mp9NUr7TymmdLo8MPryWaiigTtR2OkLUTJ4fhvKDMk5PMJqORw7ACqsz9ygFAOycTzDxAmh-M1EXYOzjcNY4gEIX8CRWcAEQ8g6QBM7UDy3wjAOJaWkbRvLSld0K1zSkd0SCYf_gVZDMnkg4tI2t_OxrJbuabiPJMqMehGJWR3ANkaIM2PkPUsyOIILPsYkv9Cph8uImnvL5tYQfKTl0TTrjeox6YCZjtTHvfEVJM2alOR5zI_bPicOuwsIhkNQM0EcmMhlxbyyEKeWmjzk4pnNz1Wo249Cjhr2B71PC5CO2g6tk0D1kDOPoLku2B6G6nexqbchc7vwWyUMNyCyQg6vEQhCApDUFCCQhIUGUHRKQ94bBxT3uKxycPauDvj7pZ9lbX26IHKWiIhoHoXmpf7Mr1hdsCyC_1eZHhfjQoNs7JPQ17upafk6VGc1u1f38emOKk068L3fRp5Hqdho-bYrt0I7Kbj-r7DvDCAkSWkmQA1FnpySFbfuYJUDsnUz58hpEcw8RGYfA40fwG0KEE3SvSSuzLNOlV2w2zkZiOvMtUGVyXSbBLZlrUXn5Jn-6trs_fOTvvB3IsQ7Ph1-593nwqv3gfTJVJd4kP5E0ErvtlfVQXZX1WFIXeX00y2ZY-Ozn4to5mYvP222CqU5gtzZvfrN9gIjMY7a8JkizThMmkZ8s2s5FzoeaWZID8smHURruRmYzbXSZ4urrw5v9BOtTBGqmQAKofk8a9eAZNDcvHSzNmT9v_-HSzdhkmPZ77_YqQvYRRBmFqIJUEsjslYoGEJIx75CcXxj3-esz1zEy1tgWY7SNolOrpEJy5B412Y_EI_S_XxzH33TAhjqx_G2toPYx1_ep6TkScV3wnderNZF1GdRy53HZcHvi0CjwZ1L_B8ZGYorz_2738BAAD__yoOD1V1BAAA HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://iptv.cqshushu.com/\r\nCookie: uid_id2=e8067a4c-9c02-4d4e-8a71-f43c5b75da2c:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27971423=1; slec86e555af44dab712030790823552c4b9=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 31 Dec 2025 11:16:12 GMT\r\nContent-Type: image/gif\r\nContent-Length: 7\r\nConnection: keep-alive\r\naccess-control-allow-origin: *\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\np3p: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\naccept-ch: Device-Stock-UA,Sec-CH-UA,Sec-CH-UA-Full-Version,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version,Sec-CH-UA-PlatformUser-Agent,User-Agent,X-Device-User-Agent,X-OperaMini-Phone-UA,X-UCBrowser-Device-UA\r\nx-envoy-upstream-service-time: 2\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: 0adf73bb3d196c2e4adf2267222fc49e\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]},{"name":"Envoy","description":"Envoy is an open-source edge and service proxy, designed for cloud-native applications.","website":"https://www.envoyproxy.io/","common_platform_enumeration":"cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*","icon":"Envoy.png","categories":["Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"image/gif","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":98,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":96,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fcss%2Fstyle.css\u0026l=6387\u0026fd=546","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://iptv.cqshushu.com/","date":"2025-12-31T11:16:13.205Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 21:42:11 GMT","end":"Wed, 25 Mar 2026 21:42:10 GMT"},"fingerprint":{"sha1":"DD:BF:7F:13:B7:AA:5E:41:65:09:9E:F1:FE:42:C4:9A:00:0B:F4:E6","sha256":"FE:3B:B4:EE:8B:60:30:E2:9F:CB:E9:E2:06:C0:A4:2E:FF:35:D3:22:85:14:1C:B8:13:CD:72:FB:EA:5C:E9:98"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fcss%2Fstyle.css\u0026l=6387\u0026fd=546 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://iptv.cqshushu.com/\r\nCookie: uid_id2=e8067a4c-9c02-4d4e-8a71-f43c5b75da2c:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27971423=1; slec86e555af44dab712030790823552c4b9=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 31 Dec 2025 11:16:13 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":94,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":94,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdn.show-creative1.com/sb/interstitial/utility/robot/3/index.html","fqdn":"cdn.show-creative1.com","domain":"show-creative1.com","tld":"com"},"ip":{"addr":"172.67.208.42","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://iptv.cqshushu.com/","date":"2025-12-31T11:16:12.428Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"show-creative1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Fri, 05 Dec 2025 21:44:28 GMT","end":"Thu, 05 Mar 2026 22:42:58 GMT"},"fingerprint":{"sha1":"32:E8:D3:D8:57:3D:77:06:14:B5:AE:66:6B:E6:23:35:25:11:2C:25","sha256":"65:65:A6:2D:1D:7A:E9:EF:3F:02:AB:E8:2B:83:22:39:7B:1B:99:BB:3D:AE:E4:D2:5F:AB:C5:32:3B:21:23:C3"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/index.html HTTP/1.1\r\nHost: cdn.show-creative1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://iptv.cqshushu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://iptv.cqshushu.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 31 Dec 2025 11:16:12 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:55:55 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: max-age=315360000, public\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=Wiu5yKhadbUuB90aSrn5ZjSXUe0vAOp0RdAyx5V0INfIeuKf2Y%2Bw1r1MCRycx2YUtqZpCF7jez%2BogiwUA%2BnhhycWIGn628diEYqAR04n2H3knXnn\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9b695d0a1fe2b4fa-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"jQuery","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]}],"data":{"size":1524,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"9dc0a25dabbe4de856fe02152e69ab75","sha1":"d8a184a181424a51a758b262927e6c0aba7b2b15","sha256":"8c71a26417b0ad5884462cf96135d8aaf1012b9ead37bdf5b505e51dcfd3d173","sha512":"c28042db79a340dea9f66b3c4ed465fa38ea7b152549cd518ee00415109f70eb28602dee1fd4ca9b8ce4810354fe7fc7bfa1ec271cb8cfbe59c2efc58a0de182","ssdeep":"","tlshash":"a231495529fccb26118361e63f702f7ba984e943895b8440b2bd4a908be7ec5cd5720b","first_seen":"2025-09-21T13:47:45.272345Z","last_seen":"2026-04-03T08:48:35.531423Z","times_seen":1687,"resource_available":false,"data":null}},"time_used":268,"timings":{"blocked":68,"dns":34,"connect":1,"send":0,"wait":132,"receive":0,"ssl":29},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fcss%2Fmagic.css\u0026l=45054\u0026fd=558","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://iptv.cqshushu.com/","date":"2025-12-31T11:16:13.216Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 21:42:11 GMT","end":"Wed, 25 Mar 2026 21:42:10 GMT"},"fingerprint":{"sha1":"DD:BF:7F:13:B7:AA:5E:41:65:09:9E:F1:FE:42:C4:9A:00:0B:F4:E6","sha256":"FE:3B:B4:EE:8B:60:30:E2:9F:CB:E9:E2:06:C0:A4:2E:FF:35:D3:22:85:14:1C:B8:13:CD:72:FB:EA:5C:E9:98"}}},"request":{"raw":"GET /pixel/sbls?bv=\u0026tmpl=482\u0026u=https%3A%2F%2Fcreative-sb1.com%2Fsb%2Finterstitial%2Futility%2Frobot%2F3%2Fcss%2Fmagic.css\u0026l=45054\u0026fd=558 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://iptv.cqshushu.com/\r\nCookie: uid_id2=e8067a4c-9c02-4d4e-8a71-f43c5b75da2c:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27971423=1; slec86e555af44dab712030790823552c4b9=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 31 Dec 2025 11:16:13 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":180,"timings":{"blocked":84,"dns":0,"connect":0,"send":0,"wait":96,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"iptv.cqshushu.com/js/iptv.js","fqdn":"iptv.cqshushu.com","domain":"cqshushu.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://iptv.cqshushu.com/","date":"2025-12-31T11:16:11.175Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"iptv.cqshushu.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 04 Nov 2025 00:27:49 GMT","end":"Mon, 02 Feb 2026 01:27:47 GMT"},"fingerprint":{"sha1":"D5:94:99:48:EB:4F:86:92:AA:D0:83:BC:ED:1F:7A:10:42:08:6E:97","sha256":"71:84:DE:45:BC:13:29:1F:C2:45:44:26:E6:77:A8:66:A6:EC:0F:8E:54:70:9D:A1:03:E8:E9:40:79:3D:C6:F5"}}},"request":{"raw":"GET /js/iptv.js HTTP/1.1\r\nHost: iptv.cqshushu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://iptv.cqshushu.com/\r\nCookie: PHPSESSID=a8hlkr3nuunsier35qh4m8ghda\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 31 Dec 2025 11:16:11 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Sat, 01 Nov 2025 13:14:54 GMT\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"690607ce-386b\"\r\nexpires: Wed, 31 Dec 2025 23:16:11 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=gbrDZFR3ImLs7lhKXtwGeoi0JVw44MqdZVm0%2FnqNcxYFEsyq9syQJKHHEKOlwXRXhizkRyzkEglsckGUmxUPoaL0mfZVGH2%2BZd955HYDBlWU\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b695d019842c272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":14443,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text","md5":"4e15bba883a3c20940a1e6d6a49a3a90","sha1":"49f7ee0c4768b461a902d6da938531589ce45ec1","sha256":"4b395b0c33ae5f5990eac7648bcbcdcc755f8119cc09fdf57f257f8f2bf3e24c","sha512":"5284e7a7e8c460a04ea900321f7af51517b0cf3f4f19084090ee1bf1d24d45484b31237554afc59a42ca061583f3063dd8f17e75cf380b28b3a5b71a8a0ff45f","ssdeep":"192:WoYNGBAWJ6+kWUB+WBcGdlDK3hjTp3imxwoZnXdat4b4zMP3nBqHWG7dSqHhC:6GZXkWUB+nw2j1tZXdak4YJqD7oqHhC","tlshash":"9d52b825bcfb1821066bd0767787565ef224501b994bde083e4c43949fc2f60a8af7e9","first_seen":"2025-11-22T14:29:22.846008Z","last_seen":"2025-12-31T11:16:35.720623Z","times_seen":2,"resource_available":true,"data":null}},"time_used":546,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":539,"receive":7,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"creative-sb1.com/sb/interstitial/utility/robot/3/js/script.js","fqdn":"creative-sb1.com","domain":"creative-sb1.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://iptv.cqshushu.com/","date":"2025-12-31T11:16:12.909Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"creative-sb1.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Thu, 25 Dec 2025 22:26:15 GMT","end":"Wed, 25 Mar 2026 23:23:44 GMT"},"fingerprint":{"sha1":"05:E7:A3:19:D2:55:91:F8:B7:45:48:72:0B:86:C7:0C:2C:CA:27:03","sha256":"14:76:91:36:84:B6:CF:C4:0A:BA:6F:14:80:F9:C7:77:48:3B:08:A3:C8:48:DC:0F:F6:CE:86:72:BB:CC:0B:06"}}},"request":{"raw":"GET /sb/interstitial/utility/robot/3/js/script.js HTTP/1.1\r\nHost: creative-sb1.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://iptv.cqshushu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://iptv.cqshushu.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 31 Dec 2025 11:16:13 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Thu, 04 Sep 2025 10:55:55 GMT\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: accept-encoding\r\nexpires: Thu, 31 Dec 2037 23:55:55 GMT\r\ncache-control: public, max-age=315360000\r\naccess-control-allow-origin: *\r\naccess-control-expose-headers: Date\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=ZRfvvmbkPvH6LJGII38QOHC4DuhrwylouJ2A0atOvXE3U%2Bpvafg1Zq4C2QzjOGDou%2Fjwf8YrawzZ5nJ24lzrA3DwM%2BONGIQALPod7cenlEg%3D\"}]}\r\ncf-cache-status: MISS\r\netag: W/\"68b9703b-2762\"\r\ncontent-encoding: br\r\ncf-ray: 9b695d0caeac5a0f-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":10082,"size_decoded":0,"mime_type":"application/javascript","magic":"Unicode text, UTF-8 text","md5":"efffc36bcbcc0aaea3978474151a0122","sha1":"f9b9c23faef40025dcfe3f1dfdb158ce2855b83b","sha256":"4da2338ad196c676f6a310b1b91f8e4c3e513fa07cb3b7022ca9ecc4868db398","sha512":"52afe7b12764a6297e3cb430eca352a3d778802b79e3cbeb4a2c22b0e070496abd9bfb78823573aa1e4a0bff1f52f79dd9ab92a55341324c175c3ce811d01aeb","ssdeep":"192:iFJuLiEWiFiacrcYmen1VuOTlmGFF3bH/fA68IDeIToS:iFMLiEWiFiHn1VuexjrHnAyF","tlshash":"2222420409b9d921c45ca02f203e2666f7240a539d7abfd4bbc941045fdd96f79b823f","first_seen":"2025-09-21T13:47:45.283292Z","last_seen":"2026-04-03T08:48:35.55204Z","times_seen":1576,"resource_available":false,"data":null}},"time_used":482,"timings":{"blocked":1,"dns":0,"connect":0,"send":0,"wait":481,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"creative-sb1.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"kettledroopingcontinuation.com/pixel/sbs?c=1","fqdn":"kettledroopingcontinuation.com","domain":"kettledroopingcontinuation.com","tld":"com"},"ip":{"addr":"172.240.127.244","port":443,"asn":7979,"as":"SERVERS-COM","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://iptv.cqshushu.com/","date":"2025-12-31T11:16:13.670Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"kettledroopingcontinuation.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Thu, 25 Dec 2025 21:42:11 GMT","end":"Wed, 25 Mar 2026 21:42:10 GMT"},"fingerprint":{"sha1":"DD:BF:7F:13:B7:AA:5E:41:65:09:9E:F1:FE:42:C4:9A:00:0B:F4:E6","sha256":"FE:3B:B4:EE:8B:60:30:E2:9F:CB:E9:E2:06:C0:A4:2E:FF:35:D3:22:85:14:1C:B8:13:CD:72:FB:EA:5C:E9:98"}}},"request":{"raw":"GET /pixel/sbs?c=1 HTTP/1.1\r\nHost: kettledroopingcontinuation.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://iptv.cqshushu.com/\r\nCookie: uid_id2=e8067a4c-9c02-4d4e-8a71-f43c5b75da2c:2:1; pdhtkv=true; uncs=1; pdhtkv29=true; uncs29=1; u_pl27971423=1; slec86e555af44dab712030790823552c4b9=[6308898]\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 31 Dec 2025 11:16:13 GMT\r\nContent-Length: 0\r\nConnection: keep-alive\r\nHost: kettledroopingcontinuation.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nCache-Control: no-cache\r\nAccess-Control-Allow-Origin: *\r\nAccess-Control-Allow-Methods: GET, POST, OPTIONS\r\nAccess-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Upgrade-Insecure-Requests,C-High-Entropy-Values\r\nAccess-Control-Expose-Headers: Content-Length,Content-Range\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/plain","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-03T22:31:02.952373Z","times_seen":13306102,"resource_available":true,"data":null}},"time_used":94,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":94,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"quad9","sensor_type":"DNS","title":"Quad9 DNS","description":"Quad9 DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS","link":"https://www.quad9.net","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"kettledroopingcontinuation.com","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"cdnjs.cloudflare.com/ajax/libs/crypto-js/4.1.1/crypto-js.min.js","fqdn":"cdnjs.cloudflare.com","domain":"cloudflare.com","tld":"com"},"ip":{"addr":"104.17.24.14","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://iptv.cqshushu.com/","date":"2025-12-31T11:16:11.140Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"cdnjs.cloudflare.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Sat, 15 Nov 2025 20:49:06 GMT","end":"Fri, 13 Feb 2026 21:49:04 GMT"},"fingerprint":{"sha1":"9A:71:C8:6F:E2:4B:9A:91:7D:C8:4A:1D:79:98:2F:97:C1:85:D8:79","sha256":"4E:C5:BB:7A:81:A0:D9:00:73:8D:D5:57:59:3D:A0:C3:D3:BE:62:18:4E:6F:6D:98:DA:F0:90:94:5E:E0:0B:63"}}},"request":{"raw":"GET /ajax/libs/crypto-js/4.1.1/crypto-js.min.js HTTP/1.1\r\nHost: cdnjs.cloudflare.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://iptv.cqshushu.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 31 Dec 2025 11:16:11 GMT\r\ncontent-type: application/javascript; charset=utf-8\r\ncontent-length: 13972\r\ncf-ray: 9b695d017c9c56a8-OSL\r\naccess-control-allow-origin: *\r\ncache-control: public, max-age=30672000\r\ncontent-encoding: br\r\netag: \"61182885-3694\"\r\nlast-modified: Sat, 14 Aug 2021 20:33:09 GMT\r\ncross-origin-resource-policy: cross-origin\r\ntiming-allow-origin: *\r\nx-content-type-options: nosniff\r\ncf-cdnjs-via: cfworker/kv\r\nvary: Accept-Encoding\r\ncf-cache-status: HIT\r\nage: 1069066\r\nexpires: Mon, 21 Dec 2026 11:16:11 GMT\r\naccept-ranges: bytes\r\nreport-to: {\"endpoints\":[{\"url\":\"https:\\/\\/a.nel.cloudflare.com\\/report\\/v4?s=v%2Fp5Oqq%2BssdcSEI0%2BfHGS974s02dY3ft7YhhgU6yWVmuHt5MG8Ej8E93szCrZUKvWCcWjylawUNV5H0FzNUuuYTYDvcr9SVv6XeVpuulK%2BuHBXkL7hSc9jo0v46BVQ1GtduXWqNC\"}],\"group\":\"cf-nel\",\"max_age\":604800}\r\nnel: {\"success_fraction\":0.01,\"report_to\":\"cf-nel\",\"max_age\":604800}\r\nstrict-transport-security: max-age=15780000\r\nserver: cloudflare\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":48316,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (48316), with no line terminators","md5":"2ca03ad87885ab983541092b87adb299","sha1":"1a17f60bf776a8c468a185c1e8e985c41a50dc27","sha256":"8e3b0117f4df4be452c0b6af5b8f0a0acf9d4ade23d08d55d7e312af22077762","sha512":"13c412bd66747822c6938926de1c52b0d98659b2ed48249471ec0340f416645ea9114f06953f1ae5f177db03a5d62f1fb5d321b2c4eb17f3a1c865b0a274dc5c","ssdeep":"768:J1Z4iiyfiD78x6l42SWRV4HC0o10LEnM9OT81agZnEpnS:vZYDc6lXJd1mZpZEdS","tlshash":"19231ac5a19c605152a774c40d7f704b7463352a070d8aacf668e9eeecfcaea9039d7c","first_seen":"2023-03-07T01:31:53Z","last_seen":"2026-04-03T20:25:10.423377Z","times_seen":149549,"resource_available":true,"data":null}},"time_used":27,"timings":{"blocked":-1,"dns":1,"connect":1,"send":0,"wait":11,"receive":1,"ssl":11},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"iptv.cqshushu.com/js/cryptomini.js","fqdn":"iptv.cqshushu.com","domain":"cqshushu.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://iptv.cqshushu.com/","date":"2025-12-31T11:16:11.173Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"iptv.cqshushu.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 04 Nov 2025 00:27:49 GMT","end":"Mon, 02 Feb 2026 01:27:47 GMT"},"fingerprint":{"sha1":"D5:94:99:48:EB:4F:86:92:AA:D0:83:BC:ED:1F:7A:10:42:08:6E:97","sha256":"71:84:DE:45:BC:13:29:1F:C2:45:44:26:E6:77:A8:66:A6:EC:0F:8E:54:70:9D:A1:03:E8:E9:40:79:3D:C6:F5"}}},"request":{"raw":"GET /js/cryptomini.js HTTP/1.1\r\nHost: iptv.cqshushu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://iptv.cqshushu.com/\r\nCookie: PHPSESSID=a8hlkr3nuunsier35qh4m8ghda\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 200 OK\r\ndate: Wed, 31 Dec 2025 11:16:11 GMT\r\ncontent-type: application/javascript\r\nserver: cloudflare\r\nlast-modified: Sat, 01 Nov 2025 13:13:30 GMT\r\npriority: u=3,i=?0\r\nvary: Accept-Encoding\r\netag: W/\"6906077a-2367\"\r\nexpires: Wed, 31 Dec 2025 23:16:11 GMT\r\ncache-control: max-age=43200\r\ncontent-encoding: gzip\r\ncf-cache-status: MISS\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=%2BkweLQSPPdYoNAyIp9qN8kVgfOHlojvPlLBalaz6f%2F4l0ANJ0AcIjAPvMktLaoJDOhFe5NImjAlY3iJmWho5oJq7mOgHCtH8oQyBCRKX1Knx\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncf-ray: 9b695d019834c272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":9063,"size_decoded":0,"mime_type":"application/javascript","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (9041), with no line terminators","md5":"3f4d9b28c3da1070446821c5e2e01793","sha1":"4c35549b450e99967bbb95f2f9d99aaaa23bb628","sha256":"e7e77fa19f1d2f79163d81e23c611b7cdc8d5bc46ef600aea9374518167a8d94","sha512":"be3c8761542a3cfdcae3974de3096025daf93fcec6b3c6e61b94653045f318eea5082dfe74b18afac43abd8167a945cb992ac726ae90f08d0b961c15238aaf91","ssdeep":"192:8AD8N6YPA+39/aQXQMjr/+yLsOnvnVQ6IG2mjC5oi2b2Y2ENrha+pSfA:836YT39NXQMjr/fLsivVQ6IG2NENrQMn","tlshash":"d912d68461c03ee223cf0677533fe0e5e519994b7ed58c4bba8c28587e94a12df98a35","first_seen":"2025-11-22T14:29:22.861407Z","last_seen":"2025-12-31T11:16:35.722649Z","times_seen":2,"resource_available":true,"data":null}},"time_used":537,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":523,"receive":14,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"preferencenail.com/sfp.js","fqdn":"preferencenail.com","domain":"preferencenail.com","tld":"com"},"ip":{"addr":"185.196.197.71","port":443,"asn":39572,"as":"DataWeb Global Group B.V.","country":"The Netherlands","country_code":"NL"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://iptv.cqshushu.com/","date":"2025-12-31T11:16:11.686Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"preferencenail.com","organization":""},"issuer":{"commonName":"R12","organization":"Let's Encrypt"},"validity":{"start":"Sun, 28 Dec 2025 23:36:36 GMT","end":"Sat, 28 Mar 2026 23:36:35 GMT"},"fingerprint":{"sha1":"0E:EE:1D:ED:80:5A:CA:0C:1E:93:89:94:78:B7:34:91:38:D4:89:51","sha256":"CF:77:1B:FB:04:67:32:02:DF:D9:38:24:27:3D:A5:98:54:0C:4D:BA:C5:1B:62:FD:C1:E1:17:57:6F:63:B3:BF"}}},"request":{"raw":"GET /sfp.js HTTP/1.1\r\nHost: preferencenail.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://iptv.cqshushu.com/\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 200 OK\r\nServer: nginx/1.21.6\r\nDate: Wed, 31 Dec 2025 11:16:11 GMT\r\nContent-Type: application/javascript; charset=utf-8\r\nContent-Length: 32181\r\nConnection: keep-alive\r\nContent-Encoding: gzip\r\nP3P: CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"\r\nAccess-Control-Allow-Origin: *\r\nVary: Accept-Encoding\r\nHost: preferencenail.com\r\nExpires: Thu, 01 Jan 1970 00:00:01 GMT\r\nX-Request-ID: c8a81b6ee7967977b6cffeac511edb36\r\nCache-Control: no-cache, max-age=0, private, no-cache\r\nPragma: no-cache\r\nStrict-Transport-Security: max-age=0; includeSubdomains\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Nginx:1.21.6","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":85379,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, Unicode text, UTF-8 text, with very long lines (65529), with no line terminators","md5":"b3a5ba94d627e64a77c0e11eaffc96ed","sha1":"f7358693b31e44211dd98b5aa0dc2a3f423286aa","sha256":"600f01dd96f043e58e0e70a82afbba6ffe0923d836f6293c1e6fc1cb5b074d34","sha512":"64800bcce3e1a65638dfedfe22f205b51725865db3332be95a142e39e4cb40f57358d0c4c01ebb366b8da56aa978b6c7ee992e2c27563bac76c3998014c3d64b","ssdeep":"1536:nPncLBSUBULrSVvTfMtfj3FkdFcE5PnoRC:nPncLBSUBULGVTfGpucE5foM","tlshash":"488395807ac06488d3979b7bb73bf4eaf65a299f38c4044bd100fc48b69562af9f5534","first_seen":"2025-11-18T17:36:30.149277Z","last_seen":"2026-04-03T22:34:53.921235Z","times_seen":13144,"resource_available":true,"data":null}},"time_used":263,"timings":{"blocked":112,"dns":54,"connect":18,"send":0,"wait":20,"receive":18,"ssl":38},"alerts":{"ids":null,"analyzer":[{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"dns4eu","sensor_type":"DNS","title":"DNS4EU","description":"DNS4EU","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://www.joindns4.eu/","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-12-31","alert":"Sinkholed","trigger":"preferencenail.com","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"iptv.cqshushu.com/favicon.ico","fqdn":"iptv.cqshushu.com","domain":"cqshushu.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://iptv.cqshushu.com/","date":"2025-12-31T11:16:12.130Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"iptv.cqshushu.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 04 Nov 2025 00:27:49 GMT","end":"Mon, 02 Feb 2026 01:27:47 GMT"},"fingerprint":{"sha1":"D5:94:99:48:EB:4F:86:92:AA:D0:83:BC:ED:1F:7A:10:42:08:6E:97","sha256":"71:84:DE:45:BC:13:29:1F:C2:45:44:26:E6:77:A8:66:A6:EC:0F:8E:54:70:9D:A1:03:E8:E9:40:79:3D:C6:F5"}}},"request":{"raw":"GET /favicon.ico HTTP/1.1\r\nHost: iptv.cqshushu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://iptv.cqshushu.com/\r\nCookie: PHPSESSID=a8hlkr3nuunsier35qh4m8ghda; dom3ic8zudi28v8lr6fgphwffqoz0j6c=e8067a4c-9c02-4d4e-8a71-f43c5b75da2c%3A2%3A1\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/3 404 Not Found\r\ndate: Wed, 31 Dec 2025 11:16:12 GMT\r\ncontent-type: text/html\r\nserver: cloudflare\r\npriority: u=6,i=?0\r\ncache-control: max-age=14400\r\ncf-cache-status: EXPIRED\r\nvary: accept-encoding\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=7ljxDLMmw3hXGN0b0x2lVJtOSzVxS9PQc5BndBqO0GPu3uUsGhcWi%2Fc6EUjyz7GlU7vMFqM7Ttktjdl6rZSGrbelxhXM56nPVVovnXg3MqAD\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\ncf-ray: 9b695d07cf32c272-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nserver-timing: cfExtPri\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":138,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text","md5":"7389d931c86b3d7bb6b8af46d8c4172b","sha1":"8d2a4760aa0b47984d11cd1a66448719177fb791","sha256":"301bd9f16f94feedfae7a946a14bac38cb73c43efe6117bc5586835af03d7d6f","sha512":"dd6d1511e4fcd5bc09d821ffe091fb5946ac9654c48664aed504e479e9ac20c1cad44b6df90f42190d47e28f5f96bfb09d24056df6b950243d68ee8100a9a889","ssdeep":"","tlshash":"d9c09b5d755366449913155167c33641d196837f689a84510941c593f0cf69ac4c73a9","first_seen":"2023-03-13T12:56:15Z","last_seen":"2026-04-03T22:32:13.278871Z","times_seen":243749,"resource_available":true,"data":null}},"time_used":546,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":546,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fonts.gstatic.com/s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2","fqdn":"fonts.gstatic.com","domain":"gstatic.com","tld":"com"},"ip":{"addr":"142.250.178.67","port":443,"asn":15169,"as":"GOOGLE","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"font","requested_by":"https://iptv.cqshushu.com/","date":"2025-12-31T11:16:13.676Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.gstatic.com","organization":""},"issuer":{"commonName":"WE2","organization":"Google Trust Services"},"validity":{"start":"Wed, 03 Dec 2025 15:54:11 GMT","end":"Wed, 25 Feb 2026 15:54:10 GMT"},"fingerprint":{"sha1":"21:10:1E:48:79:6B:E7:49:AB:BB:0E:38:86:C8:4D:74:7B:42:EE:BB","sha256":"0A:58:99:06:D8:BC:1C:BD:3E:CE:EF:7D:D6:D2:50:2D:1E:DE:8F:87:97:56:72:B9:3F:21:88:AC:79:3A:75:03"}}},"request":{"raw":"GET /s/roboto/v50/KFO7CnqEu92Fr1ME7kSn66aGLdTylUAMa3yUBA.woff2 HTTP/1.1\r\nHost: fonts.gstatic.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: application/font-woff2;q=1.0,application/font-woff;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: identity\r\nOrigin: https://iptv.cqshushu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://fonts.googleapis.com/\r\nSec-Fetch-Dest: font\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\naccept-ranges: bytes\r\naccess-control-allow-origin: *\r\ncontent-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes\r\ncross-origin-resource-policy: cross-origin\r\ncross-origin-opener-policy: same-origin; report-to=\"apps-themes\"\r\nreport-to: {\"group\":\"apps-themes\",\"max_age\":2592000,\"endpoints\":[{\"url\":\"https://csp.withgoogle.com/csp/report-to/apps-themes\"}]}\r\ntiming-allow-origin: *\r\ncontent-length: 40128\r\nx-content-type-options: nosniff\r\nserver: sffe\r\nx-xss-protection: 0\r\ndate: Tue, 30 Dec 2025 23:52:35 GMT\r\nexpires: Wed, 30 Dec 2026 23:52:35 GMT\r\ncache-control: public, max-age=31536000\r\nage: 41018\r\nlast-modified: Tue, 18 Nov 2025 19:00:07 GMT\r\ncontent-type: font/woff2\r\nalt-svc: h3=\":443\"; ma=2592000,h3-29=\":443\"; ma=2592000\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40128,"size_decoded":0,"mime_type":"font/woff2","magic":"Web Open Font Format (Version 2), TrueType, length 40128, version 1.0","md5":"9a01b69183a9604ab3a439e388b30501","sha1":"8ed1d59003d0dbe6360481017b44665153665fbe","sha256":"20b535fa80c8189e3b87d1803038389960203a886d502bc2ef1857affc2f38d2","sha512":"0e6795255b6eea00b5403fd7e3b904d52776d49ac63a31c2778361262883697943aedcb29feee85694ba6f19eaa34dddb9a5bfe7118f4a25b4757e92c331feca","ssdeep":"768:Vce3jkow68wmT4IBX0tXdlSirS61gSjcz0GPwHbP+w2jec56O:VcI/iEEEtXdFJj+0GPwHbP+w5rO","tlshash":"3703023a5e3ccf1a84157a703950f6d9a8481e548e9d143b4f1ac7bf085dde2209b6d4","first_seen":"2025-01-08T22:59:02.845106Z","last_seen":"2026-04-03T22:29:59.391883Z","times_seen":713237,"resource_available":false,"data":null}},"time_used":247,"timings":{"blocked":107,"dns":1,"connect":14,"send":0,"wait":15,"receive":18,"ssl":89},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"iptv.cqshushu.com/","fqdn":"iptv.cqshushu.com","domain":"cqshushu.com","tld":"com"},"ip":{"addr":"188.114.97.1","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-12-31T11:16:08.974Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"iptv.cqshushu.com","organization":""},"issuer":{"commonName":"WE1","organization":"Google Trust Services"},"validity":{"start":"Tue, 04 Nov 2025 00:27:49 GMT","end":"Mon, 02 Feb 2026 01:27:47 GMT"},"fingerprint":{"sha1":"D5:94:99:48:EB:4F:86:92:AA:D0:83:BC:ED:1F:7A:10:42:08:6E:97","sha256":"71:84:DE:45:BC:13:29:1F:C2:45:44:26:E6:77:A8:66:A6:EC:0F:8E:54:70:9D:A1:03:E8:E9:40:79:3D:C6:F5"}}},"request":{"raw":"GET / HTTP/1.1\r\nHost: iptv.cqshushu.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 31 Dec 2025 11:16:10 GMT\r\ncontent-type: text/html; charset=UTF-8\r\nserver: cloudflare\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\nvary: Accept-Encoding\r\nset-cookie: PHPSESSID=a8hlkr3nuunsier35qh4m8ghda; path=/\r\nexpires: Thu, 19 Nov 1981 08:52:00 GMT\r\ncache-control: no-store, no-cache, must-revalidate\r\npragma: no-cache\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=qQ1yNE3OgbMhE68hjf7IvAtEvdOxVh%2FRrcjaVmQIQ6kJu%2FgmdRMuBX8G5V6VMHMJAplX9AIhuNE4P%2B7ZgslgvidEzcuj8rMVbJQwe8lsXA%3D%3D\"}]}\r\ncf-cache-status: DYNAMIC\r\ncontent-encoding: br\r\ncf-ray: 9b695cf44dfeb500-OSL\r\nalt-svc: h3=\":443\"; ma=86400\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"PHP","description":"PHP is a general-purpose scripting language used for web development.","website":"https://php.net","common_platform_enumeration":"cpe:2.3:a:php:php:*:*:*:*:*:*:*:*","icon":"PHP.svg","categories":["Programming languages"]},{"name":"cdnjs","description":"cdnjs is a free distributed JS library delivery service.","website":"https://cdnjs.com","common_platform_enumeration":"","icon":"cdnjs.svg","categories":["CDN"]},{"name":"crypto-js:4.1.1","description":"crypto-js is a JavaScript library of crypto standards.","website":"https://github.com/brix/crypto-js","common_platform_enumeration":"","icon":"default.svg","categories":["JavaScript libraries"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]}],"data":{"size":38276,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"HTML document, Unicode text, UTF-8 text, with very long lines (478)","md5":"8bb0e0ce07c1c612f1d437676ded40ef","sha1":"00c59f6fa949bb1534cbbd5b7bc9a8f7d7f86db0","sha256":"03d12be96d27b70f800807d086dba9e65f4124e6ebee0e0ea87dbec064879bad","sha512":"f4eabe6847976fb588f26d59814df35dd390a38aba7adc141dbf88cd5fa44890c589d3d4bc9589fae28bee450cc2ba2f7365f22fe8c6fd0769c7ace35f3b9ce6","ssdeep":"768:O7iSOVbm3un9RbnG1d47y4q7yeaekacdvfHCQTUm7GCh3x:BHpm3un9RbG1d47fekacdvfHCQrB","tlshash":"e303d510bcf4656b005784cabaa2bf5eaeb06203d1400c55b9dd4ff50f96fb6a52326f","first_seen":"2025-12-31T11:16:35.724684Z","last_seen":"2025-12-31T11:16:35.724684Z","times_seen":1,"resource_available":false,"data":null}},"time_used":1953,"timings":{"blocked":28,"dns":2,"connect":3,"send":0,"wait":1897,"receive":0,"ssl":20},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"protrafficinspector.com/stats","fqdn":"protrafficinspector.com","domain":"protrafficinspector.com","tld":"com"},"ip":{"addr":"3.66.182.197","port":443,"asn":16509,"as":"AMAZON-02","country":"Germany","country_code":"DE"},"is_navigation_request":false,"resource_type":"xhr","requested_by":"https://iptv.cqshushu.com/","date":"2025-12-31T11:16:11.694Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA256","protocol":"TLSv1.2","cert":{"subject":{"commonName":"traffinspector.com","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M01","organization":"Amazon"},"validity":{"start":"Wed, 19 Nov 2025 00:00:00 GMT","end":"Fri, 18 Dec 2026 23:59:59 GMT"},"fingerprint":{"sha1":"11:9F:BE:35:27:7B:7B:85:C9:B3:FF:0E:CA:F6:0D:13:B0:A9:A0:BB","sha256":"81:A4:38:32:0D:BC:66:C8:7B:6D:08:BC:93:91:76:73:A2:BD:D0:53:3C:BF:2F:FD:B8:87:00:C6:EC:3B:6C:77"}}},"request":{"raw":"GET /stats HTTP/1.1\r\nHost: protrafficinspector.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nOrigin: https://iptv.cqshushu.com\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://iptv.cqshushu.com/\r\nSec-Fetch-Dest: empty\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 31 Dec 2025 11:16:11 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 40\r\nserver: fasthttp\r\naccess-control-allow-origin: https://iptv.cqshushu.com\r\nvary: Origin\r\naccess-control-allow-credentials: true\r\nset-cookie: uid_id2=e8067a4c-9c02-4d4e-8a71-f43c5b75da2c:2:1; expires=Sat, 29 Dec 2035 11:16:11 GMT; secure; SameSite=None\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":40,"size_decoded":0,"mime_type":"text/html; charset=UTF-8","magic":"ASCII text, with no line terminators","md5":"9b1ef4a73ea1755e0a0ba2e027715e63","sha1":"43d33eb2e947b1a08d3f3f6c5add600be7c70bee","sha256":"160d4c7ca24dcb0eaa4985351db5a1449643d1cbf94816d45e519a30eb1a2d98","sha512":"8ba9de18d5b2f43de57db5e01933a4c7488668c7fc2f734e34565e285495c898b2317a077b5c31a687b971298dda85e52654cb025f0a45dce4fc6154f3be58f6","ssdeep":"","tlshash":"239004755c17447110505000407013c51c5443dd1755455c3751dcdcccd147550c440d","first_seen":"2025-12-31T11:16:35.725622Z","last_seen":"2025-12-31T11:16:35.725622Z","times_seen":1,"resource_available":false,"data":null}},"time_used":216,"timings":{"blocked":96,"dns":19,"connect":23,"send":0,"wait":22,"receive":1,"ssl":53},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}