{"report_id":"894d153e-8052-49a9-815d-b3e50d1a3b01","version":6,"status":"done","tags":[],"date":"2025-10-08T20:42:27Z","url":{"schema":"http","addr":"straight-balloon-big.on-fleek.app/asigzeqpcc5.html","fqdn":"straight-balloon-big.on-fleek.app","domain":"on-fleek.app","tld":"app"},"ip":{"addr":"104.26.12.141","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"final":{"url":{"schema":"https","addr":"straight-balloon-big.on-fleek.app/asigzeqpcc5.html","fqdn":"straight-balloon-big.on-fleek.app","domain":"on-fleek.app","tld":"app"},"title":"Webmail"},"submit":{"url":{"schema":"http","addr":"straight-balloon-big.on-fleek.app/asigzeqpcc5.html","fqdn":"straight-balloon-big.on-fleek.app","domain":"on-fleek.app","tld":"app"},"ip":{"addr":"104.26.12.141","port":0,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"tags":["openphish"],"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-11-12T20:42:27Z","useragent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0","referer":"","cookies":null,"exit_node":"z0yflva4pidy47h"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":7}},"detection":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"url","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-08","alert":"Phishing - Webmail Providers","trigger":"straight-balloon-big.on-fleek.app/asigzeqpcc5.html","verdict":"phishing","severity":"medium","comment":"Webmail Providers","link":"https://openphish.com","meta":null},{"sensor_name":"phishtank","sensor_type":"Blocklist","title":"PhishTank","description":"PhishTank","scan_date":"2025-01-08","alert":"Phishing - Other","trigger":"straight-balloon-big.on-fleek.app/asigzeqpcc5.html","verdict":"phishing","severity":"medium","comment":"Other","link":"http://phishtank.com","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"straight-balloon-big.on-fleek.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-08","alert":"Phishing Block","trigger":"straight-balloon-big.on-fleek.app","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"straight-balloon-big.on-fleek.app","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"straight-balloon-big.on-fleek.app","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"straight-balloon-big.on-fleek.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null},"summary":[{"fqdn":"alphatrade-options.com","ip":{"addr":"86.107.77.158","port":443,"asn":207913,"as":"Next Level Business Srl","country":"Romania","country_code":"RO"},"domain_registered":"2023-10-23","domain_rank":0,"first_seen":"2020-08-05T06:26:24Z","last_seen":"2025-10-06T20:26:50.05472Z","alert_count":0,"request_count":1,"received_data":415,"sent_data":470,"comment":"","tags":null,"fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}]},{"fqdn":"straight-balloon-big.on-fleek.app","ip":{"addr":"104.26.13.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"domain_registered":"2023-07-28","domain_rank":0,"first_seen":"2025-01-24T13:37:29.953603Z","last_seen":"2025-09-22T05:19:14.086695Z","alert_count":7,"request_count":1,"received_data":163106,"sent_data":518,"comment":"","tags":null,"fingerprints":[{"name":"Django","description":"Django is a Python-based free and open-source web application framework.","website":"https://djangoproject.com","common_platform_enumeration":"cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*","icon":"Django.png","categories":["Web frameworks"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Python","description":"Python is an interpreted and general-purpose programming language.","website":"https://python.org","common_platform_enumeration":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","icon":"Python.png","categories":["Programming languages"]},{"name":"jQuery:2.2.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"IPFS","description":"IPFS is a peer-to-peer hypermedia protocol that provides a distributed hypermedia web.","website":"https://ipfs.tech/","common_platform_enumeration":"","icon":"IPFS.svg","categories":["Network storage"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]},{"fqdn":"code.jquery.com","ip":{"addr":"151.101.130.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"domain_registered":"2005-12-10","domain_rank":4915,"first_seen":"2012-05-21T17:28:02Z","last_seen":"2025-10-05T22:13:43.313629Z","alert_count":0,"request_count":1,"received_data":86170,"sent_data":489,"comment":"","tags":null,"fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}]},{"fqdn":"ik.imagekit.io","ip":{"addr":"54.240.174.104","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"domain_registered":"2016-01-17","domain_rank":153981,"first_seen":"2017-04-02T12:17:08Z","last_seen":"2025-10-05T23:58:04.598157Z","alert_count":0,"request_count":1,"received_data":56007,"sent_data":488,"comment":"","tags":null,"fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"ImageKit","description":"ImageKit is a real-time image and video transformation, optimization, and delivery service with built-in digital asset management, powered by a global CDN.","website":"https://imagekit.io/","common_platform_enumeration":"","icon":"ImageKit.svg","categories":["CDN","Digital asset management"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}]},{"fqdn":"fac.corp.fortinet.com","ip":{"addr":"208.91.114.103","port":443,"asn":40934,"as":"FORTINET","country":"Canada","country_code":"CA"},"domain_registered":"2001-02-16","domain_rank":1096827,"first_seen":"2017-10-16T05:55:10Z","last_seen":"2025-10-07T12:15:27.704801Z","alert_count":0,"request_count":1,"received_data":820,"sent_data":516,"comment":"","tags":null,"fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}]}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":null}],"analyzer":null,"urlquery":null},"javascript":{"script":[{"url":{"schema":"https","addr":"straight-balloon-big.on-fleek.app/asigzeqpcc5.html","fqdn":"straight-balloon-big.on-fleek.app","domain":"on-fleek.app","tld":"app"},"ip":{"addr":"104.26.13.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"0a18dbfb856e33fcea42e5a8db3458d0","sha1":"bf7f679ff888573c6855b41a5b19661badcebbfe","sha256":"3b5e8e9c897749a5b1360d449e0e0df9c2d01ea87cca28c9d93282e6570ced72","sha512":"da57682424adb84feab620359c3630bc4bef1010cc24628f6481159116754212192c0b60e120b7717a35012bf87da4183f3ae4eef3b7b9fcf1d87f9d4baf1714","ssdeep":"","tlshash":"04e04f4a9140246022f33826df123129b16344ef981be930350d93657f106af93739ca","size":348,"data":"","first_seen":"2023-03-07T01:12:06Z","last_seen":"2026-04-05T10:47:39.649528Z","times_seen":9285,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-2.2.4.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.130.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"introduction_type":"scriptElement","is_inline":false,"md5":"2f6b11a7e914718e0290410e85366fe9","sha1":"69bb69e25ca7d5ef0935317584e6153f3fd9a88c","sha256":"05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e","sha512":"0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db","ssdeep":"1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2","tlshash":"1e83c6d9b2d6706297b734b850bf410bb17a98dab44c8c60f059d4e47eb4a8e507bf2c","size":85578,"data":"","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-06T10:09:45.641385Z","times_seen":267528,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"straight-balloon-big.on-fleek.app/asigzeqpcc5.html","fqdn":"straight-balloon-big.on-fleek.app","domain":"on-fleek.app","tld":"app"},"ip":{"addr":"104.26.13.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"aa049e2749b8531cb8f233c2f64fc2b2","sha1":"b611a5a62c1813ae5b4763378b3a4a565556530a","sha256":"e52e51d5897d7a179089ddcf8f5de7aeb3ef4f27b054b63e937cf308b685c9e2","sha512":"fa951f3911de780608d6235a597758320388dff58cf18dd584a6941ac88cc36cac7d52caa72b678ee6f4dff47ee23955ab282714d03e713ae2bed4cb73a3c14e","ssdeep":"","tlshash":"71a0128471d6e4004b7320e40437448490396c60348c848051048c721c651108236c1c","size":79,"data":"","first_seen":"2023-04-11T21:38:58Z","last_seen":"2026-04-06T10:09:45.765016Z","times_seen":207881,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"straight-balloon-big.on-fleek.app/asigzeqpcc5.html","fqdn":"straight-balloon-big.on-fleek.app","domain":"on-fleek.app","tld":"app"},"ip":{"addr":"104.26.13.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"Function","is_inline":false,"md5":"29d0c84b9d1d8da446a6062c6a840ad9","sha1":"6d6b3a6065667c7c50d92f3889c85ed65a9ad784","sha256":"3c3cbdb71d0d2c22f504f4d63d8a6ffe8d250cde7e58300619be35b6bbab26a1","sha512":"52cfcbf2f7c3521c5a6c6120099ee6822d16e04ffbc04720da925a11242c8c2050f9cfc8d864a6d39a0036ac599f701080195a29a7c5e8d3e9308b91f9f0390f","ssdeep":"","tlshash":"428004d533c350004753117c04571cc4d034447014444d405040d4531c570315115c7c","size":37,"data":"","first_seen":"2023-04-11T21:31:25Z","last_seen":"2026-04-06T10:11:10.802941Z","times_seen":600289,"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"straight-balloon-big.on-fleek.app/asigzeqpcc5.html","fqdn":"straight-balloon-big.on-fleek.app","domain":"on-fleek.app","tld":"app"},"ip":{"addr":"104.26.13.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"introduction_type":"scriptElement","is_inline":true,"md5":"bf03e3371135f9e0354c3e3629da96e5","sha1":"17cf6766da8db6b88662891204c93c66c56afd20","sha256":"0cb4c3151be44e208d11d4534da9532f9b562c42169ab4a7b4b87139b9f81c4d","sha512":"510ab931c07a42776d95cf7b0a4d1237ff08c00b355136524e6872c0d53e22708d2e6456af156d7c0bd4abef43f7fb5658c758f6818ddfaafa9e0e220a455b0d","ssdeep":"3072:yyZTcpVvUbtZvZb5dFBWAuCoZrbwnKT5cb/1qkJg/qr8B3FWYzDHYK6ygnv9om:yMTSvUHFW3ZZrbwnKT5c715Jg/qr8B1M","tlshash":"3fe332c177c6bc81124717b6731bb5f9e92a4eac708918caf114bc94f0bda16fad0a71","size":148182,"data":"","first_seen":"2025-01-24T13:37:31.174787Z","last_seen":"2026-01-20T02:14:13.314779Z","times_seen":8,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"alphatrade-options.com/git/rand/favicon.png","fqdn":"alphatrade-options.com","domain":"alphatrade-options.com","tld":"com"},"ip":{"addr":"86.107.77.158","port":443,"asn":207913,"as":"Next Level Business Srl","country":"Romania","country_code":"RO"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://straight-balloon-big.on-fleek.app/asigzeqpcc5.html","date":"2025-10-08T20:42:03.000Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"autodiscover.alphatrade-options.com","organization":""},"issuer":{"commonName":"R13","organization":"Let's Encrypt"},"validity":{"start":"Sat, 27 Sep 2025 22:01:05 GMT","end":"Fri, 26 Dec 2025 22:01:04 GMT"},"fingerprint":{"sha1":"84:F3:B6:F2:6B:71:86:F9:51:BF:9D:D3:DD:3A:DC:A0:DC:99:39:15","sha256":"F9:1E:F0:A4:3A:D3:9A:BC:BA:FF:3F:10:E9:4D:26:BE:39:D7:B9:C9:3F:14:FB:36:46:68:E4:FD:D1:17:0D:09"}}},"request":{"raw":"GET /git/rand/favicon.png HTTP/1.1\r\nHost: alphatrade-options.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://straight-balloon-big.on-fleek.app/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 404 Not Found\r\ncache-control: private, no-cache, no-store, must-revalidate, max-age=0\r\npragma: no-cache\r\ncontent-type: text/html\r\ncontent-length: 1251\r\ndate: Wed, 08 Oct 2025 20:42:03 GMT\r\nserver: LiteSpeed\r\nalt-svc: h3=\":443\"; ma=2592000, h3-29=\":443\"; ma=2592000, h3-Q050=\":443\"; ma=2592000, h3-Q046=\":443\"; ma=2592000, h3-Q043=\":443\"; ma=2592000, quic=\":443\"; ma=2592000; v=\"43,46\"\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"LiteSpeed","description":"LiteSpeed is a high-scalability web server.","website":"https://litespeedtech.com","common_platform_enumeration":"cpe:2.3:a:litespeedtech:litespeed_web_server:*:*:*:*:*:*:*:*","icon":"LiteSpeed.svg","categories":["Web servers"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T10:11:42.852405Z","times_seen":13418069,"resource_available":true,"data":null}},"time_used":100,"timings":{"blocked":0,"dns":0,"connect":21,"send":0,"wait":28,"receive":0,"ssl":51},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"straight-balloon-big.on-fleek.app/asigzeqpcc5.html","fqdn":"straight-balloon-big.on-fleek.app","domain":"on-fleek.app","tld":"app"},"ip":{"addr":"104.26.13.141","port":443,"asn":13335,"as":"CLOUDFLARENET","country":"","country_code":"zz"},"is_navigation_request":true,"resource_type":"document","requested_by":"","date":"2025-10-08T20:42:02.022Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.on-fleek.app","organization":""},"issuer":{"commonName":"E5","organization":"Let's Encrypt"},"validity":{"start":"Tue, 19 Aug 2025 19:24:10 GMT","end":"Mon, 17 Nov 2025 19:24:09 GMT"},"fingerprint":{"sha1":"20:87:B1:3A:6C:13:14:E4:33:CA:FF:FA:92:CF:52:57:7B:0B:BF:0B","sha256":"F3:58:8D:7C:FD:FA:60:C4:BF:7F:11:C1:02:E6:6C:09:94:89:01:31:DE:3B:66:CD:4B:12:48:5C:4F:7D:A4:D9"}}},"request":{"raw":"GET /asigzeqpcc5.html HTTP/1.1\r\nHost: straight-balloon-big.on-fleek.app\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ndate: Wed, 08 Oct 2025 20:42:02 GMT\r\ncontent-type: text/html\r\ncf-ray: 98b87662e96c56c6-OSL\r\ncf-cache-status: HIT\r\naccess-control-allow-origin: *\r\nage: 29901\r\ncache-control: max-age=60, stale-while-revalidate=3600\r\nlast-modified: Wed, 08 Oct 2025 12:23:40 GMT\r\nserver: cloudflare\r\nstrict-transport-security: max-age=31536000; includeSubDomains\r\nvary: Accept-Encoding\r\naccess-control-allow-headers: Content-Type, Range, User-Agent, X-Requested-With\r\naccess-control-allow-methods: GET,HEAD,OPTIONS\r\naccess-control-expose-headers: Content-Length, Content-Range, X-Chunked-Output, X-Ipfs-Path, X-Ipfs-Roots, X-Stream-Output\r\naccess-control-max-age: 86400\r\ncontent-security-policy: upgrade-insecure-requests\r\nreferrer-policy: strict-origin-when-cross-origin\r\nx-cache-status: HIT\r\nx-content-type-options: nosniff\r\nx-ipfs-path: /ipfs/bafybeicexrskfwr7oa2axod452rpkbaahajmeldvw52s46ft4j2smab5nq/asigzeqpcc5.html/\r\nx-ipfs-roots: bafybeicexrskfwr7oa2axod452rpkbaahajmeldvw52s46ft4j2smab5nq,bafkreicupjgkbcs7mq4dvzfuvoaqdvsy7nr36vwyovr3glc3zpy2vqxuhe\r\nx-request-id: a123a955c4bb4670af1dfc6f3efd2f7d\r\nx-xss-protection: 0\r\nreport-to: {\"group\":\"cf-nel\",\"max_age\":604800,\"endpoints\":[{\"url\":\"https://a.nel.cloudflare.com/report/v4?s=TI0MXSJVsWuPSN6YCanKh%2Bb7RZ8zByvkHOqpj4K1i7jr3x0a7EcxodEu9V7NsdDIV94J1mE%2BVSgeidGqskb9CmxFHL9soZpp2tQXk3HL%2BhTNcWppZVsJPPLzD1LqGg%3D%3D\"}]}\r\nnel: {\"report_to\":\"cf-nel\",\"success_fraction\":0.0,\"max_age\":604800}\r\ncontent-encoding: br\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Django","description":"Django is a Python-based free and open-source web application framework.","website":"https://djangoproject.com","common_platform_enumeration":"cpe:2.3:a:djangoproject:django:*:*:*:*:*:*:*:*","icon":"Django.png","categories":["Web frameworks"]},{"name":"Cloudflare","description":"Cloudflare is a web-infrastructure and website-security company, providing content-delivery-network services, DDoS mitigation, Internet security, and distributed domain-name-server services.","website":"https://www.cloudflare.com","common_platform_enumeration":"","icon":"CloudFlare.svg","categories":["CDN"]},{"name":"Python","description":"Python is an interpreted and general-purpose programming language.","website":"https://python.org","common_platform_enumeration":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","icon":"Python.png","categories":["Programming languages"]},{"name":"jQuery:2.2.4","description":"jQuery is a JavaScript library which is a free, open-source software designed to simplify HTML DOM tree traversal and manipulation, as well as event handling, CSS animation, and Ajax.","website":"https://jquery.com","common_platform_enumeration":"cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*","icon":"jQuery.svg","categories":["JavaScript libraries"]},{"name":"jQuery CDN","description":"jQuery CDN is a way to include jQuery in your website without actually downloading and keeping it your website's folder.","website":"https://code.jquery.com/","common_platform_enumeration":"","icon":"jQuery.svg","categories":["CDN"]},{"name":"IPFS","description":"IPFS is a peer-to-peer hypermedia protocol that provides a distributed hypermedia web.","website":"https://ipfs.tech/","common_platform_enumeration":"","icon":"IPFS.svg","categories":["Network storage"]},{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":161617,"size_decoded":0,"mime_type":"text/html","magic":"HTML document, ASCII text, with very long lines (52134), with CRLF line terminators","md5":"610c72a860a51438aaf342e1d0bbf09a","sha1":"8312d251b558357ff31902263b08fba0fa2f32fc","sha256":"547a4ca08a5f64383ae4b4ab8101d658fb63bf56d87563b32c5bcbf1aac2f439","sha512":"e7e9ea0a3ad3efc7f11f5d5cba190dd4c2bdecd06af4e21d5d02653401e08b5c63f3267d09eb101fad3fe0fce6568c52e97a94d3d82598a19d0ca02b48ed81ee","ssdeep":"3072:I6yZTcpVvUbtZvZb5dFBWAuCoZrbwnKT5cb/1qkJg/qr8B3FWYzDHYK6ygnv9oN:RMTSvUHFW3ZZrbwnKT5c715Jg/qr8B1b","tlshash":"c0f3528177c2bc8112470776771bb1e9e92a4ead708904caf11cbc90f7bda16fad1a71","first_seen":"2025-01-24T13:37:31.16837Z","last_seen":"2026-01-20T02:14:13.312598Z","times_seen":16,"resource_available":true,"data":null}},"time_used":452,"timings":{"blocked":41,"dns":23,"connect":1,"send":0,"wait":369,"receive":0,"ssl":15},"alerts":{"ids":null,"analyzer":[{"sensor_name":"openphish","sensor_type":"url","title":"OpenPhish","description":"OpenPhish","scan_date":"2025-10-08","alert":"Phishing - Webmail Providers","trigger":"straight-balloon-big.on-fleek.app/asigzeqpcc5.html","verdict":"phishing","severity":"medium","comment":"Webmail Providers","link":"https://openphish.com","meta":null},{"sensor_name":"phishtank","sensor_type":"Blocklist","title":"PhishTank","description":"PhishTank","scan_date":"2025-01-08","alert":"Phishing - Other","trigger":"straight-balloon-big.on-fleek.app/asigzeqpcc5.html","verdict":"phishing","severity":"medium","comment":"Other","link":"http://phishtank.com","meta":null},{"sensor_name":"cloudflare_dns","sensor_type":"DNS","title":"Cloudflare DNS","description":"Cloudflare DNS","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"straight-balloon-big.on-fleek.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cloudflare.com/application-services/products/dns/","meta":null},{"sensor_name":"opendns","sensor_type":"DNS","title":"OpenDNS","description":"OpenDNS","scan_date":"2025-10-08","alert":"Phishing Block","trigger":"straight-balloon-big.on-fleek.app","verdict":"phishing","severity":"medium","comment":"","link":"https://www.opendns.com/","meta":null},{"sensor_name":"dns0","sensor_type":"DNS","title":"DNS0 Zero","description":"DNS0 Zero","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"straight-balloon-big.on-fleek.app","verdict":"malicious","severity":"medium","comment":"Sinkholed in DNS (SOA: negative-caching.dns0.eu)","link":"https://www.dns0.eu/zero","meta":null},{"sensor_name":"hagezi","sensor_type":"DNS","title":"Hagezi Threat Feed","description":"Hagezi Threat Feed","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"straight-balloon-big.on-fleek.app","verdict":"malicious","severity":"medium","comment":"","link":"https://github.com/hagezi/dns-blocklists","meta":null},{"sensor_name":"cira_dns","sensor_type":"DNS","title":"CIRA Canadian Shield DNS","description":"CIRA Canadian Shield DNS","scan_date":"2025-10-08","alert":"Sinkholed","trigger":"straight-balloon-big.on-fleek.app","verdict":"malicious","severity":"medium","comment":"","link":"https://www.cira.ca/en/canadian-shield/","meta":null}],"urlquery":null}},{"url":{"schema":"https","addr":"code.jquery.com/jquery-2.2.4.min.js","fqdn":"code.jquery.com","domain":"jquery.com","tld":"com"},"ip":{"addr":"151.101.130.137","port":443,"asn":54113,"as":"FASTLY","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"script","requested_by":"https://straight-balloon-big.on-fleek.app/asigzeqpcc5.html","date":"2025-10-08T20:42:02.630Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"ECDSA-P256-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.jquery.com","organization":""},"issuer":{"commonName":"Sectigo Public Server Authentication CA DV E36","organization":"Sectigo Limited"},"validity":{"start":"Thu, 12 Jun 2025 00:00:00 GMT","end":"Fri, 26 Jun 2026 23:59:59 GMT"},"fingerprint":{"sha1":"56:36:FB:D3:E0:9E:71:88:98:A4:C9:34:94:9B:43:3A:C4:C5:1E:BE","sha256":"9A:64:20:6F:F5:DC:F1:8A:D6:B2:D0:93:C2:7E:62:86:0B:1A:D5:24:CF:CE:4A:9F:4C:0D:F1:FB:F2:A0:A8:1E"}}},"request":{"raw":"GET /jquery-2.2.4.min.js HTTP/1.1\r\nHost: code.jquery.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: */*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://straight-balloon-big.on-fleek.app/\r\nOrigin: https://straight-balloon-big.on-fleek.app\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: script\r\nSec-Fetch-Mode: cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ncontent-type: application/javascript; charset=utf-8\r\nlast-modified: Fri, 18 Oct 1991 12:00:00 GMT\r\netag: W/\"28feccc0-14e4a\"\r\ncache-control: public, max-age=31536000, stale-while-revalidate=604800\r\naccess-control-allow-origin: *\r\ncontent-encoding: gzip\r\nvia: 1.1 varnish, 1.1 varnish\r\naccept-ranges: bytes\r\ndate: Wed, 08 Oct 2025 20:42:02 GMT\r\nage: 1948013\r\nx-served-by: cache-lga21935-LGA, cache-hel1410033-HEL\r\nx-cache: HIT, HIT\r\nx-cache-hits: 37, 128658\r\nx-timer: S1759956123.700544,VS0,VE0\r\nvary: Accept-Encoding\r\ncontent-length: 29811\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Varnish","description":"Varnish is a reverse caching proxy.","website":"https://www.varnish-cache.org","common_platform_enumeration":"cpe:2.3:a:varnish-software:varnish_cache:*:*:*:*:*:*:*:*","icon":"Varnish.svg","categories":["Caching"]},{"name":"Nginx","description":"Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache.","website":"https://nginx.org/en","common_platform_enumeration":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","icon":"Nginx.svg","categories":["Web servers","Reverse proxies"]}],"data":{"size":85578,"size_decoded":0,"mime_type":"application/javascript; charset=utf-8","magic":"JavaScript source, ASCII text, with very long lines (32065)","md5":"2f6b11a7e914718e0290410e85366fe9","sha1":"69bb69e25ca7d5ef0935317584e6153f3fd9a88c","sha256":"05b85d96f41fff14d8f608dad03ab71e2c1017c2da0914d7c59291bad7a54f8e","sha512":"0d40bccaa59fedecf7243d63b33c42592541d0330fefc78ec81a4c6b9689922d5b211011ca4be23ae22621cce4c658f52a1552c92d7ac3615241eb640f8514db","ssdeep":"1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2","tlshash":"1e83c6d9b2d6706297b734b850bf410bb17a98dab44c8c60f059d4e47eb4a8e507bf2c","first_seen":"2023-03-07T01:02:00Z","last_seen":"2026-04-06T10:09:45.641385Z","times_seen":267528,"resource_available":true,"data":null}},"time_used":155,"timings":{"blocked":66,"dns":19,"connect":16,"send":0,"wait":14,"receive":5,"ssl":32},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"ik.imagekit.io/escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif","fqdn":"ik.imagekit.io","domain":"imagekit.io","tld":"io"},"ip":{"addr":"54.240.174.104","port":443,"asn":16509,"as":"AMAZON-02","country":"United States","country_code":"US"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://straight-balloon-big.on-fleek.app/asigzeqpcc5.html","date":"2025-10-08T20:42:02.631Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"*.imagekit.io","organization":""},"issuer":{"commonName":"Amazon RSA 2048 M02","organization":"Amazon"},"validity":{"start":"Sun, 22 Dec 2024 00:00:00 GMT","end":"Tue, 20 Jan 2026 23:59:59 GMT"},"fingerprint":{"sha1":"61:BF:F1:A1:C3:63:69:98:40:72:23:FE:9D:C6:A8:42:2E:10:3F:B0","sha256":"56:10:8F:3D:13:E7:1E:52:E3:42:C0:94:B7:DE:1A:07:D4:8E:E9:60:05:30:AF:FB:1E:83:90:CB:7E:DE:39:4E"}}},"request":{"raw":"GET /escrowmade/Rolling-1s-200px__1__trHCWXy9jD.gif HTTP/1.1\r\nHost: ik.imagekit.io\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://straight-balloon-big.on-fleek.app/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\ncontent-type: image/gif\r\ncontent-length: 55202\r\naccess-control-allow-origin: *\r\naccess-control-allow-methods: GET\r\naccess-control-allow-headers: *\r\ntiming-allow-origin: *\r\nx-server: ImageKit.io\r\nx-request-id: c0bfd30c-eb12-4edc-9f4b-87ef474ebfd8\r\ncache-control: public, s-maxage=31536000, max-age=31536000, must-revalidate\r\netag: \"e0db42b6df621874ee2ea66da650fbf8\"\r\nlast-modified: Thu, 03 Jul 2025 18:35:14 GMT\r\ndate: Tue, 30 Sep 2025 23:53:45 GMT\r\nvia: 1.1 dc85053069397a282d87170bb1bcab4a.cloudfront.net (CloudFront), 1.1 92c4bb210eab82a152000047d3609a02.cloudfront.net (CloudFront)\r\nvary: Accept\r\nx-cache: Hit from cloudfront\r\nx-amz-cf-pop: OSL50-P1\r\nalt-svc: h3=\":443\"; ma=86400\r\nx-amz-cf-id: CAZ4RDp0QtEdEmQxvBJ4uOBkHQQnWRh9Up7QA-EGAX1JpUfIQhATXA==\r\nage: 679696\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":[{"name":"Amazon Web Services","description":"Amazon Web Services (AWS) is a comprehensive cloud services platform offering compute power, database storage, content delivery and other functionality.","website":"https://aws.amazon.com/","common_platform_enumeration":"","icon":"Amazon Web Services.svg","categories":["PaaS"]},{"name":"ImageKit","description":"ImageKit is a real-time image and video transformation, optimization, and delivery service with built-in digital asset management, powered by a global CDN.","website":"https://imagekit.io/","common_platform_enumeration":"","icon":"ImageKit.svg","categories":["CDN","Digital asset management"]},{"name":"Amazon CloudFront","description":"Amazon CloudFront is a fast content delivery network (CDN) service that securely delivers data, videos, applications, and APIs to customers globally with low latency, high transfer speeds.","website":"https://aws.amazon.com/cloudfront/","common_platform_enumeration":"","icon":"Amazon Cloudfront.svg","categories":["CDN"]}],"data":{"size":55202,"size_decoded":0,"mime_type":"image/gif","magic":"GIF image data, version 89a, 200 x 200","md5":"e0db42b6df621874ee2ea66da650fbf8","sha1":"b7c0efc1aa7da3dd283e9d7d8e99fd918f81946a","sha256":"8b641242556100d4e9056cde2c1b919f0ea7eec942d3a23c1ae9e7690e3a9627","sha512":"45dab05fd7ff388521d0f82f783c9b784083b0b913e7a232753b3a5c59d05c528552f36136be5696cedc130c5e78ebd6fbeaf3b1afdabfebee944243677ca320","ssdeep":"768:S4bqd+5Unc8qpr1cvfz8IKgLYYLdfYsQeSlYckz0ngQvuT3oapnIgxjQAmMBsU:SQqnuZcjLYYJYs3ca0ngGuT1NmA0U","tlshash":"b143d0aa2394c0b7c403a57b359bc5f5061f0b7d94686ab18eb188bf1d1cb1ee1d8c5a","first_seen":"2025-04-17T08:02:52.207495Z","last_seen":"2026-04-06T10:36:18.923594Z","times_seen":1355,"resource_available":false,"data":null}},"time_used":153,"timings":{"blocked":69,"dns":53,"connect":6,"send":0,"wait":8,"receive":2,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"fac.corp.fortinet.com/customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/","fqdn":"fac.corp.fortinet.com","domain":"fortinet.com","tld":"com"},"ip":{"addr":"208.91.114.103","port":443,"asn":40934,"as":"FORTINET","country":"Canada","country_code":"CA"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://straight-balloon-big.on-fleek.app/asigzeqpcc5.html","date":"2025-10-08T20:42:02.632Z","timestamp":0,"http_version":"","security_state":"secure","security_info":{"cipher_suite":"TLS_AES_128_GCM_SHA256","key_group_name":"x25519","signature_name":"RSA-PSS-SHA256","protocol":"TLSv1.3","cert":{"subject":{"commonName":"fac.corp.fortinet.com","organization":"Fortinet, Inc."},"issuer":{"commonName":"DigiCert Global G2 TLS RSA SHA256 2020 CA1","organization":"DigiCert Inc"},"validity":{"start":"Mon, 10 Feb 2025 00:00:00 GMT","end":"Mon, 09 Feb 2026 23:59:59 GMT"},"fingerprint":{"sha1":"F2:04:8D:F5:6F:6E:EE:68:A1:8A:98:5C:48:DA:BF:A2:40:00:8F:5D","sha256":"A0:28:A2:28:8F:73:0F:3E:04:FD:74:ED:E9:E2:62:A4:78:AD:0F:69:21:A6:85:D6:34:DF:FE:D4:AA:B4:70:9F"}}},"request":{"raw":"GET /customviews/image/password_hidden:93edf7d3ceb704be92ee084ecc62c6c8/ HTTP/1.1\r\nHost: fac.corp.fortinet.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nReferer: https://straight-balloon-big.on-fleek.app/\r\nDNT: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/1.1 404 Not Found\r\nStrict-Transport-Security: max-age=15552000\r\nDate: Wed, 08 Oct 2025 20:42:03 GMT\r\nContent-Length: 1288\r\nContent-Security-Policy: base-uri 'self'; object-src 'none'; default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'\r\nX-Frame-Options: SAMEORIGIN\r\nVary: Accept-Encoding\r\nContent-Language: en\r\nX-Content-Type-Options: nosniff\r\nReferrer-Policy: strict-origin-when-cross-origin\r\nCross-Origin-Opener-Policy: same-origin\r\nContent-Encoding: gzip\r\nCache-Control: public, max-age=31536000\r\nSet-Cookie: device_id=59e80665-2826-41a0-a31f-5212d2b12892; expires=Thu, 08 Oct 2026 20:42:03 GMT; HttpOnly; Max-Age=31536000; Path=/; SameSite=None; Secure\r\nPermissions-Policy: fullscreen=(self)\r\nKeep-Alive: timeout=5, max=100\r\nConnection: Keep-Alive\r\nContent-Type: text/html; charset=utf-8\r\n\r\n","headers":null,"cookies":null,"status_code":"404","status_text":"Not Found","fingerprints":[{"name":"HSTS","description":"HTTP Strict Transport Security (HSTS) informs browsers that the site should only be accessed using HTTPS.","website":"https://www.rfc-editor.org/rfc/rfc6797#section-6.1","common_platform_enumeration":"","icon":"","categories":["Security"]}],"data":{"size":0,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"","md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-06T10:11:42.852405Z","times_seen":13418069,"resource_available":true,"data":null}},"time_used":1254,"timings":{"blocked":536,"dns":1,"connect":165,"send":0,"wait":177,"receive":0,"ssl":372},"alerts":{"ids":null,"analyzer":null,"urlquery":null}}]}